Back to skill

Security audit

Pywayne Lark Bot

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Feishu/Lark bot helper that can send, receive, upload, and download chat content, so it is usable but should be run with scoped bot credentials and clear user control.

Install only if you intend to connect an agent to Feishu/Lark. Use a dedicated least-privilege bot app, keep app_secret out of prompts/logs/shared files, confirm chat/user IDs and file paths before sending or downloading, store downloads in a controlled directory, and treat incoming listener messages and attachments as untrusted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill documents downloading images, files, and all message resources to local paths without warning about untrusted content, sensitive data exposure, or filesystem safety. In practice, this can lead to an agent retrieving attacker-controlled files or chat attachments and writing them locally, which increases risk of privacy leakage, unsafe file handling, or inadvertent processing of malicious content.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The listener functionality continuously receives and processes incoming chat messages, images, and files, but the documentation does not warn about privacy, consent, retention, or handling of sensitive content. This is risky because agents or developers may deploy message interception and automated processing without adequate notice, minimization, or safeguards, exposing private conversations and attachments.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.