ClawHub

日程协办虾

Security checks across malware telemetry and agentic risk

Overview

This Feishu calendar skill mostly matches its scheduling purpose, but it handles sensitive calendar access and tenant tokens with weak scoping and unsafe token caching.

Review before installing. Prefer the OAuth-based openclaw-lark plugin path, require explicit confirmation before any calendar write, delete, RSVP, attendee invite, document search, or sync subscription, and avoid the fallback script on shared machines unless its token cache is moved to a private permission-restricted location.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill explicitly instructs fallback use of a shell script (`scripts/feishu-calendar.sh`) and direct curl-based API calls, but it declares no permissions for shell execution. This creates a capability/permission mismatch that can bypass expected review boundaries and lead to execution of networked shell commands handling secrets such as Feishu app credentials and access tokens.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The activation language is very broad and overlaps with common conversational phrases about meetings, schedules, and preparation. Over-triggering a skill that can create, modify, invite, reply to, or delete calendar events increases the chance of unintended high-impact actions or unnecessary access to calendar/document data.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script caches a Feishu tenant access token in /tmp/feishu_token_cache, a shared and commonly accessible location, without setting restrictive file permissions or using a secure credential store. On multi-user systems or insecure environments, another local process or user could read or replace the token, enabling unauthorized API access to calendars and related tenant data.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal