ClawHub

FeiShu Robot @ Protocol

Security checks across malware telemetry and agentic risk

Overview

This skill is not malicious, but it should be reviewed because it sends Feishu messages using a user identity and relies on visible chat text to identify bot senders.

Install only for trusted Feishu groups where you control the bots and understand that messages may be sent through a user identity. Before use, restrict allowed chats, verify actual Feishu sender/open_id values instead of trusting visible sender markers, and define cleanup and access rules for the local user-ID mapping file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The manual trigger phrase is broad and lacks clear boundary conditions, which can cause the skill to activate on ordinary chat content rather than deliberate administrative commands. In this context, unintended activation could lead to member enumeration, mapping updates, or other side effects without clear user intent, increasing the risk of accidental data collection and misuse.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs storing username-to-ID mappings in a local file and refreshing them by reading recent message history, but it does not define user notice, consent, retention limits, or access controls for that data. Because the stored data includes persistent identifiers and message-derived metadata, this creates privacy and compliance risk if the file is over-collected, exposed locally, or used beyond the original communication purpose.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal