Feishu Forwarded Message Reader

Security checks across malware telemetry and agentic risk

Overview

This skill transparently uses Feishu credentials to read merged-forward message contents, with sensitive but purpose-aligned access.

Install only if you trust the skill to use your Feishu app credentials and read messages that the app can access. Review the Feishu app permissions, protect the app secret, and consider using --no-names if you do not need sender-name lookup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill documents and encourages use of environment variables, shell commands, and outbound network access to Feishu, but it does not declare corresponding permissions. This creates a transparency and least-privilege problem: users or agents may invoke a capability-bearing skill without explicit permission review, and the skill also handles sensitive credentials from config/environment.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The skill automatically harvests Feishu credentials not only from explicit CLI arguments but also from ambient environment variables and a local OpenClaw config file. In an agent/tooling context, this expands the trust boundary and allows the script to use sensitive local secrets without an explicit user opt-in at invocation time, which is risky for a parser utility whose stated purpose is just reading forwarded message content.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script silently pulls credentials from environment variables and a local config file without an explicit user-facing notice at runtime. In an agent or automation context, this can cause users to disclose or use sensitive Feishu app credentials unintentionally, especially if they did not expect the skill to access local secrets automatically.

VirusTotal

66/66 vendors flagged this skill as clean.
