Feishu Image Sending

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly purpose-aligned, but it includes hardcoded Feishu app credentials and weak guidance around sending local images to an external service.

Review before installing. Do not reuse the embedded Feishu credentials; they should be treated as exposed and rotated by the owner. Use your own scoped Feishu app credentials from environment variables or a secret manager, verify the recipient ID, and only send images you are comfortable uploading to Feishu.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 99%
Finding
The skill embeds a real Feishu App ID and App Secret directly in the example script, exposing long-lived credentials to anyone who can read, copy, or reuse the skill. This exceeds the minimum capability needed for an image-sending helper and can enable unauthorized API access under the associated Feishu tenant.

Intent-Code Divergence

Low
Confidence: 92%
Finding
The script comments imply only operational inputs are passed as parameters, but authentication secrets are silently embedded in the body of the script. This misleads users about the sensitivity of the code and increases the chance that secrets are copied, committed, or reused insecurely.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill is specifically designed to upload a local image to Feishu's external service, but it does not clearly warn users that local file contents will leave the host and be transmitted to a third party. In a tool that can operate on arbitrary screenshots, QR codes, or other images, this creates meaningful data leakage risk if used on sensitive content.

Missing User Warnings

Medium
Confidence: 94%
Finding
The full example combines app credentials, recipient identifiers, file upload, and message delivery without any warning about secret handling or outbound data transfer. This makes it easy for users to copy-paste sensitive credentials and transmit local content over the network without understanding the security implications.

VirusTotal

66/66 vendors flagged this skill as clean.
