ClawHub

Leo Feishu Send Image

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: sends a chosen local image through Feishu, with privacy-sensitive behavior that users should confirm before use.

Install only if you intend to let this skill send images through your Feishu bot. Use a least-privilege Feishu app, keep the OpenClaw config private, and confirm the exact image path and recipient or chat ID before sending, especially for generated, sensitive, or batch images.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill documentation clearly instructs users to run shell commands and invoke local scripts, but the skill metadata shown in the file does not declare corresponding permissions. Undeclared shell capability weakens transparency and policy enforcement, increasing the chance that an agent or user runs actions with more power than expected.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill is designed to transmit local image files and recipient identifiers to Feishu, but the documentation does not clearly warn users that local data leaves the host and is sent to an external service. This creates a privacy and data-handling risk, especially if users assume the action is only local automation.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The example workflow encourages automatic saving and sending of AI-generated images without emphasizing consent, recipient verification, or privacy review. In an agent setting, this increases the risk of unintended exfiltration of generated or locally stored content to the wrong user or chat.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal