Feishu File Sender 1.0.9

Security checks across malware telemetry and agentic risk

Overview

This skill transparently uploads a selected local file to Feishu using configured Feishu app credentials; no hidden behavior was found, but it can share files and use account authority.

Install this only if you want the agent to send local files through Feishu. Verify the publisher and dependency environment, keep Feishu app permissions limited, and confirm both the file path and recipient before invoking the skill.

VirusTotal

66/66 vendors flagged this skill as clean.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
Medium
What this means

If invoked on the wrong file or recipient, the configured Feishu app could send content you did not intend to share.

Why it was flagged

The skill uses local Feishu app credentials to obtain a tenant access token. This is clearly disclosed and purpose-aligned, but it grants the script Feishu app authority.

Skill content
This skill reads Feishu credentials from the local OpenClaw config (`~/.openclaw/openclaw.json`): ... `appId` ... `appSecret`
Recommendation

Use least-privilege Feishu app credentials, keep the OpenClaw config protected, and verify the target chat/user before sending.

ASI02: Tool Misuse and Exploitation
Medium
What this means

Any file path accessible to the process can be uploaded if selected as the argument.

Why it was flagged

The bundled CLI can upload a specified local file and send it through Feishu messaging APIs. This is the core feature, but it is a data-sharing action.

Skill content
parser.add_argument("--file", required=True, help="Local file path") ... FEISHU_UPLOAD_URL ... FEISHU_SEND_MSG_URL
Recommendation

Only invoke the skill for files you intend to send, preferably agent-generated files, and confirm the receive ID points to the intended chat or user.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

A future or compromised dependency version could affect runtime behavior if installed without pinning.

Why it was flagged

The documented dependency install is normal for this Python script, but it is not version-pinned in the provided artifacts.

Skill content
python3 -m pip install requests
Recommendation

Install dependencies from trusted sources, consider pinning `requests` to a known-good version, and review the package environment before use.