ClawHub

Feishu DM Sender

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it sends Feishu/Lark messages using the user's configured OpenClaw Feishu credentials.

Install only if you want your agent to send Feishu/Lark DMs or group messages. Protect openclaw.json because it contains app credentials, keep Feishu app permissions narrow, and require user confirmation or recipient limits before sending sensitive task outputs, logs, secrets, or private data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill documentation describes capabilities to read local configuration (`~/.openclaw/openclaw.json`) and send network requests to Feishu, but it does not declare corresponding permissions. Undeclared file-read and network capabilities reduce transparency and can cause an agent or reviewer to underestimate the skill's access to credentials and its ability to transmit data off-host.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The invocation guidance is broad: 'agent needs to notify someone, send task results, or communicate with team members' can match many normal workflows and may cause the skill to be selected automatically in situations involving sensitive data. Because this skill can message arbitrary users or chats, broad triggering increases the chance of unintended disclosure through overuse or misuse.

Exfiltration Commands

High
Category
Prompt Injection
Content
---
name: feishu-send-message
description: |
  Proactively send messages to Feishu (Lark) users or group chats from your OpenClaw agent.
  Supports name-based lookup from DM contacts config, open_id, and chat_id.
  Zero dependencies — uses only Python 3 stdlib. Reads credentials from openclaw.json automatically.
  Use when: agent needs to notify someone, send task results, or communicate with team members on Feishu.
Confidence
92% confidence
Finding
send messages to

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal