Feishu Official Plugin Switch

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly an upgrade guide, but it misleadingly reports installation, configuration, restart, and verification as successful even though its code does not perform or check those actions.

Review before installing. Treat this skill as an instructional checklist, not an automated migration tool. Manually verify each OpenClaw command, avoid sudo unless necessary, prefer a pinned and trusted package version, back up current plugin configuration, and only grant Feishu user permissions needed for the features you intend to use.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (3)

Tp4

High

Category: MCP Tool Poisoning
Confidence: 97% confidence
Finding: The skill advertises automated installation, configuration changes, plugin switching, restart, and verification, but the documented behavior does not actually perform those actions or validate success. This is dangerous because operators may believe a security-sensitive migration succeeded when it did not, leaving systems in an unknown state while encouraging execution of privileged commands and permission grants based on false assurances.

Vague Triggers

Medium

Confidence: 81% confidence
Finding: The activation phrases are broad enough to overlap with normal user requests such as asking for installation help or enabling streaming, which can trigger a workflow involving plugin changes and operational guidance unexpectedly. In a skill that discusses installation and service restart, ambiguous triggering increases the chance of accidental invocation and unsafe operator action.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill describes installing a plugin, changing configuration, switching components, and restarting a gateway without a clear up-front warning about operational impact, required privileges, downtime, rollback, or potential data-access changes. Because it also requests expansive Feishu scopes, lack of explicit modification warnings can mislead users into approving sensitive actions without informed consent.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal