Bot Roundtable

Security checks across malware telemetry and agentic risk

Overview

This skill is openly meant to run multi-bot Feishu discussions, but it can post automatically under several bot identities using stored credentials, its triggers are vague, and it gives limited guidance on controls.

Install only for Feishu groups and bots you control. Replace vague triggers with an explicit command or bot mention, restrict use to approved chats and users, require confirmation before posting, label automated bot responses clearly, and store Feishu secrets with least privilege outside committed files.

SkillSpector

By NVIDIA

Vulnerability Patterns

  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Vague Triggers

Medium
Confidence: 94%
Finding
The trigger phrase "大家怎么看" is broad, conversational, and likely to appear in ordinary group chat without a deliberate intent to invoke the skill. In this skill's context, accidental activation is more dangerous because it can cause the system to spawn multiple bot personas and post into a shared Feishu group, creating unanticipated outbound messages and potential confusion or spam.

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger phrase "多角度分析" is ambiguous and not sufficiently constrained to a clear command syntax. Because this skill causes multiple bot identities to participate in a group chat, ambiguous triggering raises the risk of unintended execution, noisy group posting, and misuse by users who can elicit bot activity with normal language.

Missing User Warnings

Medium
Confidence: 96%
Finding
The documentation describes automatic spawning of multiple sub-agents and sending messages through different bot identities, but it does not clearly warn users that their prompt may be propagated into a group chat under multiple identities. In this context, the missing disclosure increases the risk of privacy misunderstandings, deceptive interaction patterns, and unauthorized or unexpected broadcasting of user-supplied content.

Missing User Warnings

Medium
Confidence: 95%
Finding
The configuration section includes app_id and app_secret examples and references credential storage, but it does not provide any warning or guidance for secure secret handling. In a multi-bot messaging skill, exposed Feishu credentials could allow unauthorized message sending, impersonation of bots, or broader compromise of connected chat integrations.

VirusTotal

64/64 vendors flagged this skill as clean.
