weekly-report-generator-feishu-chinese

Security checks across malware telemetry and agentic risk

Overview

This weekly-report skill is not clearly malicious, but it can scan local Git repositories and send the result to Feishu automatically without a review step.

Install only if you want a Git-history weekly report tool that can send reports to Feishu. Before use, restrict PROJECT_ROOT to the exact repositories you intend to include, store Feishu secrets outside the script if possible, verify the recipient, require a preview before sending, and do not enable the LaunchAgent schedule unless recurring unattended reports are acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (32)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill exercises shell, filesystem, environment, and network capabilities but declares no permissions, preventing meaningful user review or policy enforcement. In this skill's context, those hidden capabilities are used to scan repositories and send data externally, making the omission security-relevant rather than merely incomplete metadata.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The description presents a local report-generation tool, but the documented behavior also scans all repositories under a configured root and automatically sends the resulting report to Feishu. This mismatch can mislead users into granting trust to a skill that performs broader collection and exfiltration than its stated purpose implies.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
A skill framed as generating weekly reports from git logs should not silently include mandatory outbound delivery to a third-party platform. Bundling report generation with forced transmission expands the data flow from local analysis to external disclosure, which is dangerous because commit-derived reports often contain confidential project details.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The skill mandates automatic Feishu transmission of generated reports without review or confirmation, creating an unjustified external messaging channel for potentially sensitive development data. Because the report is derived from commit logs and screenshots, exploitation could leak proprietary code activity, internal issue references, and team operations outside the local environment.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The instruction to scan all Git repositories under PROJECT_ROOT or a default path exceeds the narrow task of generating a report for the user's current or requested repository. This broadens data access unnecessarily and can pull in unrelated private repositories, increasing the chance of overcollection and accidental disclosure.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The documentation contains conflicting execution rules: early steps require immediate collection and sending without asking, while later sections say to confirm parameters first. Such contradictions are dangerous because they bias the agent toward the more invasive automatic behavior, undermining consent and predictable operation.

Intent-Code Divergence

Medium
Confidence
87% confidence
Finding
The stated 'User-centric' principle conflicts with the mandatory automatic execution elsewhere, indicating poor control design and making the skill unreliable from a safety perspective. In practice, agents may follow the more specific invasive instructions, causing unreviewed data collection and sharing despite the stated principle.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The skill claims to generate weekly reports from git commit logs, but this script also transmits report contents to Feishu over the network. That materially expands the skill's trust boundary from local report generation to external data exfiltration and messaging, which is security-relevant because commit-derived reports may contain sensitive project details.

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
The script directly handles Feishu credentials and uses them to call external APIs, which goes beyond the stated purpose of generating reports. Even if intended for convenience, embedding credential handling and network operations in a local reporting skill increases the risk of secret exposure, unauthorized messaging, and unintended transmission of sensitive report content.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The installation guide states that the skill will not only generate reports from git logs but also automatically send them to Feishu. This expands the effective behavior beyond the manifest description and can cause users to authorize outbound transmission of repository-derived content without understanding that messaging/exfiltration is part of the skill.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The usage section says the AI skill will automatically call a Feishu-sending script after collecting and optimizing weekly report content. That behavior exceeds the stated scope of simple report generation and creates a risk of unintended external sharing of potentially sensitive development information.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The guide documents configuring Feishu credentials and messaging permissions even though the manifest only promises weekly report generation from git logs. This unjustified messaging capability increases the attack surface and may enable outbound delivery of repository-derived data under the guise of a local reporting skill.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill explicitly instructs automatic data collection and later automatic Feishu delivery without user confirmation or warning. This violates informed-consent expectations and can cause unauthorized processing and dissemination of sensitive work history, especially when the user may only have asked for a summary.

Missing User Warnings

High
Confidence
97% confidence
Finding
Scanning all repositories under PROJECT_ROOT without a privacy warning or explicit scoping can collect data far beyond what the user intended. In a development environment, that may include unrelated clients, internal tools, security fixes, or confidential project names, making the overcollection materially risky.

Missing User Warnings

Critical
Confidence
99% confidence
Finding
This is the strongest issue: the skill requires automatic external transmission to Feishu without disclosure or confirmation. That creates direct exfiltration of potentially sensitive internal engineering activity to an external service, with no human review to catch confidential content or misrouting.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill advertises a very broad invocation pattern such as asking it to generate a weekly report, which can easily overlap with ordinary conversation. In an agent environment, ambiguous triggers can cause unintended activation of repository scanning, screenshot extraction, and downstream message sending without the user fully understanding that a sensitive workflow has started.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The usage examples use natural-language requests like '帮我生成本周周报' and '总结一下我这周做了什么' without clarifying that these phrases invoke automation rather than simple summarization. That increases the chance that normal user requests trigger sensitive data collection and outbound reporting behavior unexpectedly.

Vague Triggers

Low
Confidence
82% confidence
Finding
The architecture section reinforces a broad trigger model by showing ordinary speech as a valid activation path. While this is documentation rather than executable logic, it normalizes unsafe invocation semantics and can lead implementers or users to treat ambiguous language as authorization for scanning and sending operations.

Missing User Warnings

High
Confidence
96% confidence
Finding
The description emphasizes convenience and automation but does not clearly warn users that the skill scans multiple Git repositories, extracts text from screenshots, and automatically sends generated content to Feishu. This creates a meaningful risk of unintended disclosure of source code metadata, internal project details, meeting notes, or other sensitive information to an external messaging destination.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
Scheduled unattended generation and delivery are described as a feature, but there is no visible warning about continuous background data processing and outbound messaging. In practice, this can repeatedly expose newly added sensitive commits, screenshots, or internal work summaries without a human reviewing content each time.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation describes automatic data collection and sending weekly reports to Feishu without a clear privacy warning or explicit discussion of data transmission consequences. Because weekly reports are derived from git history, they may include sensitive project names, work descriptions, or internal details that users may not expect to leave the local environment.

Ssd 3

High
Confidence
98% confidence
Finding
The skill directs the agent to automatically collect potentially sensitive work data from repositories and screenshots, then incorporate it into a report, all without a user approval gate. In context, commit logs often reveal issue IDs, client names, internal architecture, and security work, so uncontrolled collection materially increases confidentiality risk.

Ssd 3

High
Confidence
99% confidence
Finding
The skill mandates sending the generated report to Feishu immediately with no review or approval step, preventing the user from checking whether confidential details were included. This is especially dangerous because the report is AI-optimized and may aggregate and rephrase sensitive development activity into a concise, easily shareable summary.

Session Persistence

Medium
Category
Rogue Agent
Content
## ⏰ Configure the scheduled task (macOS)

### Step 1: Copy the plist file

```bash
# Copy the scheduled task configuration
```
Confidence
90% confidence
Finding
plist

Session Persistence

Medium
Category
Rogue Agent
Content
```bash
# Copy the scheduled task configuration
cp scripts/com.user.weekly-report.plist ~/Library/LaunchAgents/

# Change the paths in the configuration file to your actual paths
```
Confidence
90% confidence
Finding
plist

VirusTotal

62/62 vendors flagged this skill as clean.
