Feishu Open Platform API

Security checks across malware telemetry and agentic risk

Overview

This Feishu API skill is purpose-aligned, but it needs review because it can make high-impact Feishu changes and disables TLS verification while handling secrets and tokens.

Install only after reviewing the Feishu app permissions and credential source. Use a least-privilege Feishu app, require explicit confirmation before deletes or permission changes, verify target IDs and affected counts, and replace all unverified TLS contexts with normal certificate verification before using real secrets or tokens.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Intent-Code Divergence

Severity: High
Confidence: 99%
Finding
The example explicitly disables TLS certificate verification via ssl._create_unverified_context() while exchanging OAuth credentials and tokens. That enables man-in-the-middle interception or tampering of app_secret, authorization code, access_token, and refresh_token, which is especially dangerous in an OAuth flow handling highly sensitive secrets.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
The skill documents batch deletion, permission changes, file movement, and upload capabilities without requiring explicit confirmation, scoping checks, or warnings about irreversible impact. In this context, the skill is specifically designed for high-impact Feishu administration and bulk operations, so missing safety interlocks materially increases the risk of accidental or unauthorized destructive actions.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The script reads Feishu app credentials directly from a root-owned configuration file without any disclosure, permission checks, or user-consent boundary. In an agent skill, this can silently grant the code privileged API access beyond what the user expects, enabling unauthorized data access or administrative actions if the skill is triggered unexpectedly.

Missing User Warnings

Severity: Medium
Confidence: 99%
Finding
The code sends app secrets, access tokens, and API payloads over HTTPS while explicitly disabling TLS certificate verification via ssl._create_unverified_context(). This creates a man-in-the-middle risk where attackers could intercept credentials and tamper with API requests or responses, which is especially dangerous given the skill can perform bulk writes, deletions, and permission changes.

Missing User Warnings

Severity: High
Confidence: 93%
Finding
The batch deletion function performs destructive bulk record removal with no confirmation, preview, safeguard, or rollback support. In an agent context, a mistaken prompt, prompt injection, or misuse of privileged credentials could rapidly delete large datasets, and the bulk design amplifies the blast radius.

VirusTotal

67/67 vendors flagged this skill as clean.
