Pywayne Lark Custom Bot
Security checks across malware telemetry and agentic risk
Overview
This is a straightforward Lark/Feishu bot helper, but it can post visible messages and uses sensitive bot credentials.
Install only if you intend to let the agent help send Lark/Feishu bot messages. Protect the webhook, signing secret, app ID, and app secret; verify the external pywayne package before using real credentials; and require confirmation before posting to shared channels, sharing chats, uploading sensitive images, or using @all mentions.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
- Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
- Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
- Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.
