Feishu Master

Security checks across malware telemetry and agentic risk

Overview

This skill can be useful, but it gives an agent broad Feishu workspace API authority and lacks clear safeguards for credentials and destructive actions.

Install only if you intentionally want an agent to use Feishu app-level credentials. Use a least-privileged test app when possible, keep scripts/env/app.json and token_cache.json out of source control with restrictive file permissions, review any generated scripts before first execution, and require explicit human approval for send, update, delete, admin, or bulk data operations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill tells users or agents to write Feishu app credentials directly to scripts/env/app.json without any warning about secret handling, file permissions, or accidental disclosure. Storing long-lived secrets in plaintext on disk can lead to credential theft through repository commits, backups, logs, or local compromise.

Missing User Warnings

Medium
Confidence: 93%
Finding
The documentation describes caching access tokens in scripts/env/token_cache.json but does not warn that cached tokens are authentication material that can be reused if stolen. This increases the risk of unauthorized Feishu API access from local filesystem exposure, especially in shared workspaces or agent environments with broad file access.

Missing User Warnings

Medium
Confidence: 90%
Finding
The example workflow encourages implementing and executing message deletion functionality without any safety warning, confirmation requirement, or discussion of reversibility. In an AI-agent context, normalizing destructive operations without guardrails can lead to accidental deletion of records, communications, or evidence due to prompt misunderstanding or automation errors.

Missing User Warnings

Medium
Confidence: 76%
Finding
The script stores a valid tenant_access_token in env/token_cache.json without setting restrictive file permissions or documenting the sensitivity of the cache file. On multi-user systems or misconfigured environments, other local users or processes may read the token and use it to access Feishu APIs with the application's privileges until expiration.

VirusTotal

64/64 vendors flagged this skill as clean.
