Deepsop Genvis 助手

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a coherent AI image and video generator, but it can automatically send prompts, generated links, and uploaded media URLs to external services with only limited privacy disclosure.

Install only if you are comfortable sending prompts, reference files, and generated output links to ai.deepsop.com. Do not set FEISHU_WEBHOOK_URL unless you want every run to notify that webhook with prompt text and result links. Avoid using sensitive or private media unless you understand the provider’s hosting, retention, and access controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (12)

Tainted flow: 'FEISHU_WEBHOOK_URL' from os.environ.get (line 52, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
        }
    }

response = requests.post(
    FEISHU_WEBHOOK_URL,
    json=content,
    headers={"Content-Type": "application/json"},
    timeout=30,
)
Confidence
98% confidence
Finding
response = requests.post(FEISHU_WEBHOOK_URL, json=content, headers={"Content-Type": "application/json"}, timeout=30)

Tainted flow: 'content' from requests.post (line 622, network input) → requests.post (network output)

Medium
Category
Data Flow
Content
        }
    }

response = requests.post(
    FEISHU_WEBHOOK_URL,
    json=content,
    headers={"Content-Type": "application/json"},
    timeout=30,
)
Confidence
95% confidence
Finding
response = requests.post(FEISHU_WEBHOOK_URL, json=content, headers={"Content-Type": "application/json"}, timeout=30)

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The skill's primary purpose is image/video generation, but it also contains secondary notification behavior that transmits prompts and output links to Feishu. Because this side channel is not essential to generation and may not be expected by users, it raises privacy and data-handling risk, especially for sensitive prompts or non-public result URLs.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The Feishu webhook capability introduces third-party message delivery that is not necessary for core task completion and can leak prompt contents and generated asset locations. In agent or automation environments, operators may set environment variables globally, causing silent data forwarding across many runs.

Vague Triggers

Medium
Confidence
79% confidence
Finding
The trigger phrases include very broad everyday expressions such as '帮我画' ("draw for me") and generic image/video requests, which can cause the skill to activate in contexts where the user did not intend to invoke an external generation service. In this skill, accidental activation is more dangerous because invocation may consume paid credits and upload user-provided media to a remote API.

Missing User Warnings

High
Confidence
95% confidence
Finding
The skill states that uploaded local reference images/videos are automatically converted via a file-upload API, but it does not clearly warn that this is an outbound transfer of local user data to a third-party service. Given the returned URL appears publicly accessible, this can expose sensitive images, videos, or metadata beyond the user's expectation.

Missing User Warnings

High
Confidence
97% confidence
Finding
The file upload workflow shows a direct POST of local files to an external endpoint and a response containing a remote URL, but it lacks an explicit privacy notice, data retention statement, or warning that the URL may be publicly reachable. In context, this skill actively solicits user media for upload, so the absence of informed consent materially increases the chance of unintended data disclosure.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The document recommends sending images via publicly accessible URLs in Markdown without warning that generated images may contain sensitive, proprietary, or user-provided content. In this skill's context, automatically converting outputs to public links can unintentionally expose private media to anyone with the URL or to third-party infrastructure, making the guidance security-relevant rather than purely cosmetic.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The best-practice section actively promotes uploading generated images to public object storage/CDNs as the default workflow, but omits discussion of access control, retention, and data classification. Because this skill handles user prompts and generated media asynchronously, the recommendation increases the chance that sensitive or regulated content is exposed beyond the intended recipient.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The Feishu integration recommendations again favor public URLs and webhook-based delivery without noting that externally hosted image links may expose content to unintended viewers, logs, link preview systems, or third-party hosting providers. In a media-generation skill, this creates a realistic confidentiality risk because outputs may reflect private prompts, uploaded references, or internal business material.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
At the point of transmission, the code sends prompt text and result links to an external webhook without a direct user-facing warning or confirmation. This is dangerous because users may assume the content only goes to the generation provider, while the script actually duplicates it to another system with different visibility and retention.

Ssd 3

Medium
Confidence
97% confidence
Finding
The notification message mirrors user prompts and generated links in plain language to Feishu, increasing exposure of potentially sensitive creative requests or private media. This duplication is particularly risky in shared workspaces, enterprise agents, or regulated environments where prompt contents may contain confidential data.

VirusTotal

65/65 vendors flagged this skill as clean.