Feishu Voice Loop

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do its advertised audio and Feishu workflow, but it needs Review because it can run a locally configured command and send user text or audio-derived content to third-party services without clear consent boundaries.

Install only if you are comfortable with the configured transcription command running locally and with your text or voice-derived content being processed by OpenAI and Feishu. Review ~/.openclaw/openclaw.json before use, keep that config protected, and avoid using regulated, secret, or highly sensitive content unless the data-flow policy is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
for token in model.get('args', []):
    rendered.append(token.replace('{{OutputDir}}', outdir).replace('{{MediaPath}}', str(media_path)))
cmd.extend(rendered)
subprocess.run(cmd, check=True)
txt_path = Path(outdir) / f'{media_path.stem}.txt'
if not txt_path.exists():
    candidates = list(Path(outdir).glob('*.txt'))
Confidence
91% confidence
Finding
subprocess.run(cmd, check=True)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This skill routes user-provided text and possibly transcribed voice content to external services including OpenAI for TTS and Feishu for message delivery, but the user-facing description does not clearly disclose that data leaves the local environment. That creates a privacy and consent risk because users may provide sensitive audio or text without understanding that it will be transmitted to third parties and stored or processed under those platforms' policies.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The script sends user-supplied text to OpenAI for synthesis and uploads the resulting audio to Feishu, but it provides no explicit disclosure, consent checkpoint, or content-sensitivity warning. In environments where users may pass secrets, personal data, or regulated content, this can cause unintended third-party data exposure.

VirusTotal

65/65 vendors flagged this skill as clean.
