ClawHub

feishu-audio-messages

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises: it converts text or audio into a Feishu voice message and sends it using Feishu app credentials.

Install only if you are comfortable with Feishu app credentials being used to upload audio and send messages. Use a least-privilege Feishu app, verify the recipient open_id and content before running, and avoid sensitive or regulated text/audio unless Feishu and the TTS provider are approved for that data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill documentation describes sending voice/audio through Feishu Open API and using Edge TTS, but it does not clearly warn users that message text, generated audio, or uploaded audio files are transmitted to external services. This creates a real privacy and data-handling risk because users may unknowingly send sensitive content to third parties during normal use.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The script silently reads Feishu secrets from environment variables and user config files without explicit consent or warning at runtime. In an agent skill context, that increases the chance users unknowingly grant access to stored credentials, which can surprise users and broaden the blast radius if the skill is invoked in an unexpected context.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script transmits user-provided text, generated audio, recipient identifiers, and authentication-derived API requests to Feishu without any explicit privacy or data-transfer warning. In a skill ecosystem, silent exfiltration to a third-party service is risky even when functionally intended, because users may not understand that their content leaves the local environment.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal