Feishu Mood Music

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed Feishu mood-music sender, but it can automatically generate, play, and post audio from broad emotional phrases using local credentials without enough user control.

Install only if you want this skill to spend MiniMax quota, use Feishu app credentials, upload audio, and post to Feishu chats. Use a dedicated least-privilege Feishu app, restrict allowed chat IDs, disable or require confirmation for implicit triggers and local autoplay, and avoid enabling mood-history logging unless users explicitly agree and can delete it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (9)

Description-Behavior Mismatch

Medium

Confidence: 89% confidence
Finding: Automatically launching local media players expands the skill from remote message delivery into host-side command execution and local application control. For a Feishu music companion, this is unnecessary privilege and can cause unexpected behavior on the host, especially in shared, headless, or server environments. Any feature that opens local applications should be treated as a sensitive side effect.

Context-Inappropriate Capability

Medium

Confidence: 90% confidence
Finding: The skill probes the host environment for installed applications and then executes local playback commands, even though its stated purpose is sending music to a Feishu group. Host reconnaissance plus local execution is an unjustified capability increase that can expose environment details and create side effects unrelated to the user-visible function. In agent settings, unnecessary environment probing is a meaningful risk signal.

Description-Behavior Mismatch

Low

Confidence: 82% confidence
Finding: The optional mood-tracking feature stores emotional history and preferences locally, which exceeds the manifest's immediate generation-and-delivery purpose. Even if local-only, emotion history is sensitive personal data; persisting it without clear consent, retention, and access controls creates privacy and misuse risk. The danger is amplified because the stored content concerns users' mental state patterns.

Vague Triggers

High

Confidence: 94% confidence
Finding: The fully implicit trigger activates on broad, common conversational phrases, including highly sensitive distress language, without requiring direct invocation. This can cause unsolicited actions in group chats and may wrongly infer intent from ordinary speech, creating privacy, spam, and reputational harm. In the worst case, it reacts automatically to self-harm-adjacent phrases without any safety escalation or human-centered handling.

Vague Triggers

High

Confidence: 94% confidence
Finding: The Level 3 trigger list contains common colloquial phrases that are likely to appear in routine conversation, but the skill provides no robust exclusions or disambiguation rules. That makes false positives likely and enables unprompted message sending or media generation based on incidental text. Because this occurs in group chat contexts, the operational and privacy impact is amplified.

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The skill instructs the agent to autoplay local audio and send audio to Feishu without a clear user confirmation step or risk notice. These are material side effects: they can disturb the local machine, leak content to chat recipients, and surprise users who did not intend immediate execution. Lack of consent and transparency makes accidental misuse more likely.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The mood-history logging feature stores sensitive emotional data but does not clearly define notice, retention, deletion, or user control. Emotional state history is privacy-sensitive and can reveal behavioral patterns over time; even local storage can be inappropriate if users are unaware or cannot manage it. This is especially concerning in workplace chat contexts like Feishu.

Missing User Warnings

Low

Confidence: 79% confidence
Finding: The script transmits user-provided prompt text to an external music-generation API, and in this skill the prompts are likely derived from sensitive emotional states such as stress, breakdown, or self-harm language. Because the skill is designed around mood detection and automatic triggering, users may not realize that highly sensitive mental-health-related text is being sent to a third party.

Ssd 3

Medium

Confidence: 90% confidence
Finding: The instructions explicitly direct the skill to retain users' emotional history and preferences in a local log. This is sensitive profiling data, and collecting it for convenience features like preference recall introduces privacy and secondary-use risks disproportionate to the core function of generating a song. Because it tracks repeated negative moods over days, it can become a sensitive behavioral dossier.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal