Feishu Auto Reply

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Feishu auto-reply skill. It requests sensitive chat permissions (reading and sending messages, plus chat and user information), but those permissions are disclosed in the README, and the scan found no evidence of hidden data collection or destructive behavior.

Install only if you are comfortable granting a Feishu bot read and send access to messages within the intended workspace scope. Test in a non-production chat first, keep the reply-matching rules narrow so the bot only responds to the messages it is meant to, avoid adding it to sensitive channels unless that has been approved, and stop the service when automatic replies are no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding:
The README states that the bot can read messages, send messages, and access chat and user information, but it does not warn users about the privacy and data-handling implications of processing message content and metadata. For a messaging automation skill, this omission can lead to deployment without informed consent from chat participants, without retention limits on the messages the bot processes, and without a compliance review, increasing the risk of privacy violations or misuse of sensitive communications.

Missing User Warnings

Severity: Medium
Confidence: 81%
Finding:
The skill describes automated reading of and replying to Feishu messages and requests message read/send permissions, but it does not warn users about privacy, inadvertent disclosure, spam, or account-impact risks (for example, an over-broad matching rule causing the bot to reply to every message in a busy chat). In a messaging automation context, missing safety guidance can lead operators to deploy the bot in sensitive chats or with excessive permissions, causing unintended data exposure or disruptive automated responses.

VirusTotal

63/63 vendors flagged this skill as clean.
