Back to skill

Security audit

volcengine-tts-feishu

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises: it turns text into speech through Volcengine and can optionally send the audio to Feishu, but the text, audio, and credentials are sensitive.

Install only if you are comfortable sending input text to Volcengine and, when using --send-to, uploading generated audio to Feishu under your configured app. Protect the config files containing API secrets, verify the Feishu open_id before sending, and avoid confidential text unless your organization allows these providers.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill documentation describes capabilities that read local config files, call external HTTP APIs, and invoke ffmpeg/shell tooling, but it does not declare corresponding permissions. Undeclared file/network/shell capabilities reduce transparency and can cause the agent runtime or user to underestimate the skill's access and data-flow risks.

Tp4

High
Category
MCP Tool Poisoning
Confidence
84% confidence
Finding
Although the skill mentions Feishu sending at a high level, the behavior also includes reading credentials from local OpenClaw and skill configuration files and using them to authenticate and transmit data to third-party services. That credential access and external message-sending behavior is security-relevant and should be stated explicitly, because users may not realize local secrets will be consumed automatically.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The --send-to workflow uploads generated audio derived from user text to Feishu and necessarily transmits content to external services, but the documentation does not present this as a clear privacy/security warning at the point of use. Users may inadvertently send sensitive text-derived content or metadata externally without informed consent.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The script silently reads Feishu app credentials from a local configuration file and uses them to send outbound messages, without explicit runtime disclosure or confirmation. In an agent-skill context, this is dangerous because it can cause credential-backed external actions on behalf of the user or organization without sufficiently transparent consent boundaries.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.