Lark Toolkit

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Lark/Feishu API reference skill with a user-run token helper; it can enable powerful workspace actions, but the behavior matches its purpose.

Install only if you intend to let an agent help with Lark/Feishu administration or workspace actions. Use a dedicated low-privilege Lark app, protect the App Secret and access tokens, keep ~/.openclaw/openclaw.json out of source control and logs, and require explicit approval before sending messages, reading histories, sharing documents, managing members, or modifying business data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium, 95% confidence

Finding:
The security section is misleading: it says the skill does not access credentials automatically, yet the documented helper reads secrets from environment variables and from ~/.openclaw/openclaw.json. Misrepresenting credential access behavior can cause users or agents to run the helper under false assumptions, leading to unintended secret use from local configuration.

Missing User Warnings

Medium, 92% confidence

Finding:
The playbook instructs users to place App ID, App Secret, encryption keys, and verification tokens in a local config file or environment variables, but it does not warn that these are sensitive secrets or provide guidance on protecting them. In an agent skill context, this increases the risk of credential leakage through source control, logs, shared home directories, process listings, or insecure host configuration, which could enable unauthorized use of the Lark bot and APIs.

Missing User Warnings

Medium, 92% confidence

Finding:
This reference exposes a broad set of read/write Lark operations that can send messages, create chats, read message history, query contacts, access document content, and modify tasks/calendars without documenting any approval, least-privilege, or user-confirmation requirements. In an agent setting, this omission is dangerous because it normalizes direct execution of sensitive actions and data access, increasing the risk of unintended disclosure, spam, unauthorized changes, or privacy violations if the agent is prompted to use these tools automatically.

VirusTotal

63/63 vendors flagged this skill as clean.
