ClawHub

飞书知识管理

Security checks across malware telemetry and agentic risk

Overview

This Feishu knowledge-management skill is not malicious, but it asks for broad automatic write and scheduled cleanup authority without enough user controls.

Install only if you intend to let the agent write to Feishu. Use a limited-permission Feishu account, configure a specific folder or knowledge base, require confirmation before saving or reorganizing content, and avoid enabling the daily cron task unless you have dry-run review, logs, rollback, and an easy way to disable it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill explicitly instructs creating a daily cron job via `openclaw cron add`, which extends behavior from on-demand knowledge management into persistent scheduled execution. That creates an additional autonomous capability that can repeatedly modify Feishu content without fresh user approval, increasing the risk of unintended actions, abuse, or silent data handling over time.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger phrases include broad terms such as “整理知识”, “存入知识库”, and “归纳要点”, which could match many ordinary conversations and invoke the skill when the user did not intend external fetching or Feishu writes. In this context, accidental invocation is more dangerous because the skill can retrieve remote content and automatically create or update documents in a knowledge base.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The description does not clearly warn users that the skill may fetch content from external links and then automatically write the raw content and summaries into Feishu documents and a knowledge base. This lack of disclosure undermines informed consent and can lead to privacy, confidentiality, or compliance issues if sensitive or copyrighted material is ingested and stored automatically.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal