Feishu Cards

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill mostly does what it claims, but it embeds undeclared Feishu app credentials that it uses to obtain a tenant access token and send messages.

Review before installing. This skill can send real Feishu messages and includes a built-in Feishu app secret that is not declared in metadata. Prefer a version that removes embedded credentials, requires your own declared Feishu app credentials, and asks for confirmation before sending to users or group chats.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill may send Feishu messages using an embedded app credential rather than credentials the user knowingly configured, and the credential's tenant, ownership, and permissions are unclear. Because the secret ships inside the skill, every installer holds the same credential: messages sent with it are attributed to that app, and anyone who has read the script can use it.

Why it was flagged

The script includes default Feishu app credentials and uses them to request a tenant access token. This is not declared in the registry metadata, which says there are no required env vars and no primary credential.

Skill content
APP_ID = os.environ.get("FEISHU_APP_ID", "cli_a9f13ef641f8dcd9")
APP_SECRET = os.environ.get("FEISHU_APP_SECRET", "z7Aq63...mA26")
...
resp = requests.post(url, json={"app_id": self.app_id, "app_secret": self.app_secret})
Recommendation

Remove embedded secrets, require users to provide their own Feishu app ID and secret through declared environment variables, and document the required Feishu app scopes.
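The two halves of that recommendation, as an added example rather than the skill's own code: a credential loader with no fallback values that fails closed when FEISHU_APP_ID or FEISHU_APP_SECRET is unset, and a small AST check that finds the os.environ.get(NAME, "literal") pattern this finding is about. The SECRET_HINTS heuristic, the sample source and its placeholder values are assumptions of the example, not the skill's real identifiers.

```python
import ast
import os

# Names the skill must read from the environment; no fallback values anywhere.
REQUIRED_ENV = ("FEISHU_APP_ID", "FEISHU_APP_SECRET")

# Substrings that mark an environment variable as credential-like (heuristic).
SECRET_HINTS = ("SECRET", "TOKEN", "PASSWORD", "KEY", "APP_ID")


def load_credentials(env=None):
    """Return (app_id, app_secret) from the environment, failing closed.

    Unlike os.environ.get(NAME, "literal"), a missing or empty variable
    raises instead of silently using a credential the user never configured.
    """
    env = os.environ if env is None else env
    missing = [name for name in REQUIRED_ENV if not env.get(name)]
    if missing:
        raise RuntimeError("Feishu credentials not configured; set " + ", ".join(missing))
    return env["FEISHU_APP_ID"], env["FEISHU_APP_SECRET"]


def find_env_defaults(source):
    """Flag os.environ.get(NAME, "literal") calls with a credential-like NAME.

    Returns a list of (line_number, env_name, default_value) tuples so a
    reviewer can go straight to the offending line.
    """
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call) or len(node.args) < 2:
            continue
        func = node.func
        if not (isinstance(func, ast.Attribute) and func.attr == "get"):
            continue
        if ast.unparse(func.value) not in ("os.environ", "environ"):
            continue
        name_node, default_node = node.args[:2]
        if not all(isinstance(n, ast.Constant) and isinstance(n.value, str)
                   for n in (name_node, default_node)):
            continue
        env_name, default = name_node.value, default_node.value
        # An empty-string default is harmless; a non-empty literal is a baked-in value.
        if default and any(hint in env_name.upper() for hint in SECRET_HINTS):
            findings.append((node.lineno, env_name, default))
    return findings


# Constructed sample mirroring the flagged pattern; values are placeholders,
# not the skill's real app id or secret.
SAMPLE_SOURCE = '''\
import os
APP_ID = os.environ.get("FEISHU_APP_ID", "cli_placeholder")
APP_SECRET = os.environ.get("FEISHU_APP_SECRET", "placeholder-secret")
LOG_LEVEL = os.environ.get("LOG_LEVEL", "INFO")
EMPTY = os.environ.get("API_TOKEN", "")
'''


if __name__ == "__main__":
    for line, name, default in find_env_defaults(SAMPLE_SOURCE):
        print(f"line {line}: {name} falls back to hard-coded {default!r}")
```

Run against the sample, the check reports lines 2 and 3 and ignores LOG_LEVEL and the empty API_TOKEN default. The loader is what the skill should do instead: a user who has not configured an app gets an error, not a message sent under someone else's app.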

What this means

If invoked with the wrong recipient or content, it could send an unintended message to a person or group chat.

Why it was flagged

The skill sends interactive messages to any caller-supplied Feishu recipient ID. This is expected for a Feishu card-sending skill, but it is an externally visible action.

Skill content
p.add_argument("--to", required=True)
...
url = f"https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type={id_type}"
resp = requests.post(url, json=msg, headers={"Authorization": f"Bearer {self._token}"
Recommendation

Confirm the recipient ID, chat type, title, and content before sending, especially for group chats or sensitive messages.
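One way to put that confirmation step in front of the send call, as an added example that is not the skill's code: the recipient type is checked against the receive_id_type values the Feishu im/v1 messages API accepts, the exact request is built and summarized for the caller, and nothing is posted unless the caller explicitly confirms. The --yes flag, the injected post callable, and the sample card are assumptions of this example.

```python
import argparse
import json

FEISHU_SEND_URL = "https://open.feishu.cn/open-apis/im/v1/messages"
# receive_id_type values accepted by the Feishu im/v1 messages API.
VALID_ID_TYPES = ("open_id", "user_id", "union_id", "email", "chat_id")


def plan_send(to, id_type, card):
    """Validate the recipient and build the exact request, without sending it."""
    if id_type not in VALID_ID_TYPES:
        raise ValueError(f"unknown receive_id_type {id_type!r}")
    if not to or not to.strip():
        raise ValueError("recipient id is empty")
    return {
        "url": f"{FEISHU_SEND_URL}?receive_id_type={id_type}",
        "json": {
            "receive_id": to,
            "msg_type": "interactive",
            # Feishu expects the card as a JSON string inside the content field.
            "content": json.dumps(card, ensure_ascii=False),
        },
    }


def summarize(plan):
    """One line a human can check before approving the send."""
    body = plan["json"]
    card = json.loads(body["content"])
    title = card.get("header", {}).get("title", {}).get("content", "(no title)")
    target = "group chat" if plan["url"].endswith("=chat_id") else "user"
    return f"send card {title!r} to {target} {body['receive_id']}"


def send_card(to, id_type, card, post, confirmed=False):
    """Dry-run by default; call post(url, json_body) only when confirmed=True.

    Returns (sent, summary). `post` is injected so the gate can be exercised
    offline; in real use it wraps requests.post with the bearer token header.
    """
    plan = plan_send(to, id_type, card)
    summary = summarize(plan)
    if not confirmed:
        return False, summary
    post(plan["url"], plan["json"])
    return True, summary


# Constructed sample card for the demonstration.
SAMPLE_CARD = {
    "header": {"title": {"tag": "plain_text", "content": "Deploy finished"}},
    "elements": [{"tag": "div", "text": {"tag": "plain_text", "content": "build 42 ok"}}],
}


def build_parser():
    p = argparse.ArgumentParser()
    p.add_argument("--to", required=True)
    p.add_argument("--id-type", default="open_id", choices=VALID_ID_TYPES)
    # Assumed flag: without it the script only prints what it would send.
    p.add_argument("--yes", action="store_true", help="actually send the card")
    return p


if __name__ == "__main__":
    args = build_parser().parse_args()
    sent, summary = send_card(args.to, args.id_type, SAMPLE_CARD,
                              post=lambda url, body: print("POST", url),
                              confirmed=args.yes)
    print(("SENT: " if sent else "DRY RUN (pass --yes to send): ") + summary)
```

The summary names the chat type, so a chat_id recipient is visibly a group send rather than a direct message, which is the case where an unintended message does the most damage.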

What this means

Users may need to install a package manually, and the exact dependency version is not fixed by the skill artifacts.

Why it was flagged

The skill documents a manual, unpinned dependency installation. This is common and purpose-aligned for a Python API client, but it is not captured in an install spec.

Skill content
Requirements

- Python 3.7+
- requests library

Install: `pip install requests`
Recommendation

Use a pinned requirements file or install spec so users can review and reproduce the dependency setup.