ClawHub

Feishu App Bot

Security checks across malware telemetry and agentic risk

Overview

This Feishu/Lark bot connector has meaningful chat and message powers, but the artifacts disclose those powers and keep them aligned with the stated purpose.

Install only if you intend to let the agent operate a connected Feishu/Lark app bot. Confirm exact recipients, message IDs, and payloads before sending, editing, pinning, removing, or recalling messages, and treat file/image downloads to transit storage as a data transfer outside the original chat boundary.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger text is overly broad: it instructs the agent to use this skill for ANY Feishu App Bot request and instead of calling the API directly. That can cause unintended invocation for loosely related Feishu tasks, increasing the chance of performing sensitive read/write/delete operations through this connector without sufficient task-specific narrowing or safer alternative handling.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The action description states that it downloads a Feishu/Lark file and uploads it to transit storage, but it does not prominently warn users about the data-movement and persistence implications. This can lead operators to unknowingly transfer sensitive documents into another storage boundary, increasing the risk of unintended disclosure, retention, or policy noncompliance.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
This action documentation describes a destructive capability—recalling a previously sent bot message—without warning the operator about the irreversible or user-visible impact of deleting content. In an agentic setting, omission of such safety guidance can lead to accidental message removal, audit gaps, or misuse against user expectations, especially because the skill is positioned as the default path for any Feishu App Bot request.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal