ClawHub
Back to skill

Security audit

Feishu Video Message

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it uploads a chosen video to Feishu and sends it to a specified chat, using local Feishu credentials.

Install only if you want agents to send videos through your Feishu app. Confirm the configured Feishu credentials are least-privilege, pass only the intended current chat as --receive-id, and do not use --file or --url for private media unless you intend to upload it to Feishu.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill declares no permissions, but its documented behavior clearly involves local file access, network downloads/uploads, and execution of external binaries like ffmpeg/ffprobe. This mismatch weakens security review and user consent because the agent can perform broader actions than the manifest transparently communicates.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill accepts a remote URL, downloads the referenced video locally, and then uploads that content to Feishu, but the description does not clearly warn users that third-party content will be transmitted to an external service. This creates a privacy and data-handling risk, especially if the URL points to sensitive or access-controlled media that the user did not intend to relay onward.

Missing User Warnings

Low
Confidence
82% confidence
Finding
The skill states that Feishu credentials are automatically read from a local config file, but it does not warn users that locally stored tokens will be used to perform external API actions on their behalf. This can lead to unintended use of privileged credentials or confusion about which account and permissions are involved.

External Transmission

Medium
Category
Data Exfiltration
Content
def get_tenant_access_token(app_id: str, app_secret: str) -> str:
    resp = requests.post(
        FEISHU_TOKEN_URL,
        json={"app_id": app_id, "app_secret": app_secret},
        timeout=15,
Confidence
83% confidence
Finding
requests.post( FEISHU_TOKEN_URL, json=

External Transmission

Medium
Category
Data Exfiltration
Content
"msg_type": "media",
        "content": json.dumps(media_content),
    }
    resp = requests.post(
        FEISHU_SEND_MSG_URL,
        headers=headers,
        params=params,
Confidence
90% confidence
Finding
requests.post( FEISHU_SEND_MSG_URL, headers=headers, params=params, json=

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.