Feishu Speaker

Security checks across malware telemetry and agentic risk

Overview

This Feishu voice skill can upload and send audio using a local app secret, but it defaults to hardcoded Feishu app and recipient IDs and ships less functionality than it advertises.

Review before installing. Replace the hardcoded app_id and receiver_id with your own explicit configuration, require a recipient on every send, and use a minimally scoped Feishu app secret. Treat any audio file passed to the script as data that may leave your machine and be delivered through Feishu.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 88%
Finding: The skill documentation instructs users to run shell commands and install global/system dependencies, but the skill does not declare corresponding permissions. Undeclared shell capability weakens reviewability and consent, because operators may approve a seemingly harmless skill without understanding that it relies on command execution and local toolchain access.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 95%
Finding: A description-behavior mismatch is a serious trust and safety issue here because the skill claims local voice transcription/TTS features, while the analysis indicates those features are not actually implemented and that it may instead send messages to a hardcoded Feishu recipient. This can mislead users into supplying secrets, audio, or trusting automation under false assumptions, and the hardcoded receiver creates risk of unintended data transmission to an attacker-controlled or unauthorized account.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding: The script silently reads a sensitive credential from a predictable local path without any user-facing disclosure, confirmation, or audit trail. In an agent skill context, undisclosed secret access is risky because users may trigger the skill expecting voice handling, not credential consumption from their home directory.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding: The script uploads a local audio file to Feishu and sends a message without clearly warning that local user data leaves the host. In an agent setting, silent off-host transmission of local files can expose private voice content or sensitive recordings if the wrong file path is supplied.

VirusTotal

65/65 vendors flagged this skill as clean.
