Back to skill

Security audit

Feishu Voice Message

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a text-to-speech helper that creates Feishu-compatible audio files, with dependency and privacy caveats but no evidence of hidden, destructive, or credential-stealing behavior.

Install only if you are comfortable with local command execution, FFmpeg, and the separate Edge TTS helper path. Avoid converting confidential text unless your organization permits those TTS and Feishu services, and confirm the target chat before sending generated audio.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill advertises simple document-level behavior but clearly instructs execution of shell commands and implies access to environment-dependent tooling without declaring those capabilities. This creates a trust and review gap: users or platforms may authorize the skill under false assumptions, while the skill can invoke local tools like Python, npm, and ffmpeg that may access local files, networked package sources, or inherited secrets.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The documented behavior materially differs from the detected behavior: it claims direct Feishu voice-message generation/sending, but actually depends on an external Edge TTS toolchain and a separate skill path, and may only produce an OPUS file for manual upload. This is dangerous because hidden cross-skill dependencies and overstated capabilities can cause users to run unreviewed components, expose data to external services, or trust the skill with actions it does not transparently perform.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.