ClawHub

feishu-audio

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: converts a chosen local audio file and sends it as a Feishu voice message, with expected credential and privacy considerations.

Install only if you intend to upload selected audio files to Feishu using your configured app credentials. Use a least-privilege Feishu app, protect FEISHU_APP_SECRET, verify the receiver Open ID before sending, and confirm any generated audio before running the script.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill invokes shell commands and performs networked actions, but it does not declare any explicit permissions. This creates a transparency and governance gap: users or orchestrators may authorize or run the skill without understanding that it can execute local commands, read local files, and upload audio to Feishu using application credentials.

Vague Triggers

Medium
Confidence
77% confidence
Finding
The trigger phrases are broad enough to match normal conversation such as '朗读 xxx' or '语音播报', which can cause the skill to activate unexpectedly. In this skill's context, unintended activation is more dangerous because activation leads to local audio processing and outbound transmission to Feishu, potentially causing data disclosure or unwanted messaging.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The description omits a clear warning that the skill uploads local audio to Feishu and sends a message using configured app credentials. Without this disclosure, users may provide sensitive local files or invoke the skill without informed consent about external transmission and credential-backed actions.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal