feishu voice reply

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it turns user-provided text into audio with Volcengine and sends it through Feishu, but users should treat that as third-party data sharing.

Install only if you are comfortable sending the typed message text to Volcengine and the resulting audio to Feishu. Use dedicated least-privilege credentials, remove unused Feishu permissions where possible, avoid secrets or regulated data in messages, and verify the recipient before running the skill.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

External Transmission

Medium

Category: Data Exfiltration
Content: # 步骤 1：生成 TTS 音频 echo "⏳ 步骤 1/5: 生成火山引擎 TTS 音频..." RESPONSE=$(curl -sL -X POST 'https://openspeech.bytedance.com/api/v3/tts/unidirectional' \ -H "x-api-key: $VOLC_API_KEY" \ -H "X-Api-Resource-Id: $VOLC_RESOURCE_ID" \ -H 'Content-Type: application/json' \
Confidence: 95% confidence
Finding: curl -sL -X POST 'https://openspeech.bytedance.com/api/v3/tts/unidirectional' \ -H "x-api-key: $VOLC_API_KEY" \ -H "X-Api-Resource-Id: $VOLC_RESOURCE_ID" \ -H 'Content-Type: application/json' \

External Transmission

Medium

Category: Data Exfiltration
Content: exit 1 fi SEND_RESPONSE=$(curl -sL -X POST 'https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=open_id' \ -H "Authorization: Bearer $TOKEN" \ -H 'Content-Type: application/json' \ -d "{
Confidence: 93% confidence
Finding: curl -sL -X POST 'https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=open_id' \ -H "Authorization: Bearer $TOKEN" \ -H 'Content-Type: application/json' \ -d

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal