Lark All In One

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Feishu/Lark integration, but it gives an agent broad workspace read/write power without enough safety boundaries.

Install only for a Lark workspace and app you control. Create a dedicated Lark app, grant the minimum scopes needed, prefer read-only scopes where possible, and require explicit review before deleting data, changing permissions, sending important messages, removing participants, accessing meeting recordings/transcripts, or approving/rejecting workflows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings (Medium, 95% confidence)

The README promotes powerful capabilities across messaging, files, meetings, transcripts, tasks, approvals, and admin-like content operations, including deletion and access to sensitive workspace data, but it does not prominently warn users about the privacy and integrity risks of granting broad scopes or allowing autonomous actions. In an agent-skill context, this increases the chance that a user enables high-impact operations without understanding that the skill can read confidential content, modify records, or delete resources across an organization workspace.

Missing User Warnings (Medium, 90% confidence)

The skill documents destructive actions such as deleting messages without any warning, confirmation guidance, or mention of irreversibility. In a broad admin/integration skill with many high-privilege actions, this increases the chance that an agent or user will perform destructive operations accidentally or without adequate user consent.

Missing User Warnings (Medium, 88% confidence)

The minutes transcript/statistics APIs expose highly sensitive meeting content, speaker identity, and participation metadata, but the skill presents them as routine reads without privacy or authorization warnings. This can normalize access to confidential conversations and make over-collection or inappropriate disclosure more likely in enterprise environments.

VirusTotal

64/64 vendors flagged this skill as clean.
