ClawHub

Feishu Agent Skills

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it can persistently change OpenClaw routing and expose Feishu app secrets in command output.

Install only if you intentionally want this skill to create or rewire Feishu agents in OpenClaw. Before running it, back up and review ~/.openclaw/openclaw.json, confirm the target account or peer route, and avoid entering app secrets in command lines or allowing outputs that show appSecret values.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The description is broad enough to trigger on common requests like creating or adding an agent, which increases the chance the skill runs in situations the user did not specifically intend. Because this skill performs configuration and operational changes, overly permissive invocation language can cause unintended modification of local agent and messaging setup.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The description explicitly includes modifying ~/.openclaw/openclaw.json, changing bindings and session.dmScope, and running operational follow-up actions like gateway restart, but it provides no user-facing warning or consent boundary. That makes the skill more dangerous because a simple invocation could lead to sensitive configuration changes and service-affecting actions with little transparency.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The workflow instructs backing up config, editing persistent routing state, and restarting the gateway, all of which are system-changing operations, but it does not require an explicit warning or confirmation immediately before execution. In practice this can cause unintended service disruption, persistent misrouting, or config corruption if invoked in the wrong context or with incorrect parameters.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill collects and passes app_secret as a command-line argument to a local script without any credential-handling guidance. Secrets supplied this way may be exposed in shell history, process listings, logs, transcripts, or debugging output, creating a realistic risk of credential disclosure and subsequent account compromise.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal