Feishu Integration

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This Feishu integration mostly matches its purpose, but it ships a real-looking Feishu app secret and includes an unguarded chat-deletion script, so it needs careful review before use.

Do not use this skill as-is with production Feishu data. Ask the publisher to remove and rotate the bundled secret, supply your own least-privilege Feishu credentials, review or delete the chat-disband script, and only enable the scheduled welcome bot if you want ongoing automated messages.

Static analysis

Dangerous exec (Critical), 2 findings: Shell command execution detected (child_process).

Env credential access (Critical), 4 findings: Environment variable access combined with network send.

Potential exfiltration (Warn), 4 findings: Sensitive-looking file read is paired with a network send.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running the skill could use or expose a bundled Feishu app credential with whatever tenant permissions that app has, including document, file, message, and chat operations.

Why it was flagged

The package includes a real-looking Feishu app secret even though the registry metadata declares no primary credential or required environment variables.

Skill content

FEISHU_APP_ID=cli_a90da2f009f8dbb3
FEISHU_APP_SECRET=LuSwVCJ...

Recommendation

Remove and rotate the bundled secret, declare FEISHU_APP_ID and FEISHU_APP_SECRET as user-supplied credentials, and require a least-privilege Feishu app owned by the installer.

What this means

If invoked with the wrong chat ID, the agent could disband a Feishu group chat and disrupt users or business records.

Why it was flagged

This script directly disbands/deletes a Feishu chat based on a command-line chat ID, with no confirmation gate or clear user-facing disclosure in the main skill description.

Skill content

const res = await client.im.chat.delete({
    path: { chat_id: chatId }
});

Recommendation

Remove this helper unless it is a documented feature, or require explicit human confirmation, clear metadata disclosure, least-privilege scopes, and a reversible/approval workflow for destructive chat actions.

What this means

The send command may fail unexpectedly or, if another file exists at that path, execute code that was not included in this review.

Why it was flagged

The CLI's send command executes a helper path that is not present in the provided file manifest, so that command is either broken or depends on unreviewed adjacent code.

Skill content

const scriptPath = path.resolve(__dirname, '../feishu-post/send.js');
const child = spawn(process.execPath, [scriptPath, ...args], {

Recommendation

Include the referenced helper in the manifest for review, or remove/disable the command until its implementation and provenance are clear.

What this means

If the user adds this cron entry, the bot will continue acting in Feishu chats outside the current conversation until the schedule is removed.

Why it was flagged

The skill documents a cron job that would keep running every 30 minutes to send group welcome messages.

Skill content

*/30 * * * * python3 /root/mo-hub/skills/feishu-integration/scripts/group-welcome.py --chat-id oc_xxx --chat-name "群名"

Recommendation

Only enable the cron job intentionally, document how to disable it, and limit it to approved chat IDs with clear message-rate and quiet-hours controls.

What this means

A local user or process with access to that memory directory could read or tamper with the cached Feishu token during its lifetime.

Why it was flagged

The client caches tenant access tokens on disk and reuses them for later Feishu API calls.

Skill content

const TOKEN_CACHE_FILE = path.resolve(__dirname, '../../memory/feishu_token.json');

Recommendation

Store tokens with restrictive file permissions, avoid sharing the memory directory, and provide a cleanup command that removes cached Feishu tokens.