Feishu Voice Send

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Feishu voice-message helper that generates audio through MiniMax or Edge TTS, with privacy and dependency caveats but no evidence of hidden or destructive behavior.

Install this only if you intend to use MiniMax or Edge TTS for Feishu voice messages. Avoid sending secrets or sensitive conversations through it, confirm your mmx credentials and Edge TTS dependency are trusted, and expect temporary audio files to be created during conversion.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The README explicitly states that voice messages are sent to and received from external TTS/STT providers such as MiniMax, Edge TTS, and Whisper, but it does not warn users that message content and voice data may be transmitted to third-party services. In a messaging context, this can expose sensitive spoken or written content, creating privacy, consent, and compliance risks if users assume processing is local or platform-native.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal