ClawHub

Feishu Voice (NoizAI)

Security checks across malware telemetry and agentic risk

Overview

This skill coherently generates NoizAI speech audio and sends it as a Feishu voice message, with the main privacy and dependency risks disclosed.

Install this only if you are comfortable sending the spoken text to NoizAI and delivering the generated audio through Feishu. Review and trust the separate noizai-tts skill first, avoid using it for sensitive content, and do not provide NOIZ_API_KEY unless you intentionally want authenticated NoizAI behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp1

High
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill declares only network and filesystem permissions, but the code executes a local Python script via subprocess, which effectively gives it shell/process-execution capability beyond the declared permission model. In an agent environment, this mismatch is dangerous because it bypasses least-privilege expectations and may allow execution of unintended code if the referenced script or interpreter environment is compromised.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The invocation text is broad enough that the skill may auto-trigger on many generic requests to 'speak' or 'reply with audio,' causing unintended network transmission of user content to a third-party TTS provider and outbound delivery to Feishu. In this context, broad triggering is more dangerous because the skill has both network and filesystem permissions and explicitly uploads text off-platform for synthesis.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal