Back to skill

Security audit

openclaw自动化配置飞书,几乎不要人手动干预,测试成功

Security checks across malware telemetry and agentic risk

Overview

This Feishu automation skill is not clearly malicious, but it asks for sensitive Feishu authority and can generate credential-bearing code without enough user control or scoping.

Install only if you are comfortable reviewing generated code before use. Use a dedicated low-privilege Feishu test app, avoid tenant/admin-wide scopes, do not pass production tokens unless necessary, and check any files created under solutions for embedded secrets before committing or running them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (13)

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The configuration enables management-style capabilities such as drive_management, wiki_access, and permission_management while the declared OAuth scopes are read-only. This mismatch can cause the surrounding application or operators to assume stronger access exists, leading to insecure fallback behavior, overbroad code paths, or later permission expansion without proper review.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The script advertises a testing and validation framework, but `test_solution()` returns simulated success without actually executing or validating the generated code. This can mislead users into trusting generated integration code that may be broken, insecure, or incomplete, increasing the chance of unsafe deployment.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill is designed to activate on broadly phrased Feishu-related problems rather than a narrowly scoped task, which can cause it to engage in contexts where the user did not intend autonomous troubleshooting or implementation. In an agent setting, over-broad triggering increases the chance of unnecessary credential handling, external API interaction, or unintended actions across Feishu resources.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script writes generated code directly into the workspace without interactive confirmation, review gating, or path safety controls beyond a fixed subdirectory. In an agent skill context, automatic file creation can overwrite expected project state or introduce unreviewed code that users may later execute.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The manifest describes the skill as automatically solving Feishu integration problems by researching, selecting solutions, and implementing automation approaches, which is an unusually broad and agentic scope. Combined with capabilities like web search, file operations, API integration, and authentication management, this can enable high-impact actions without clear task boundaries or user confirmation, increasing the chance of unsafe changes or misuse.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The manifest advertises sensitive capabilities including file operations and authentication management, but provides no user-facing warning, consent model, or restrictions on how credentials and local files are accessed. In a skill intended to automate third-party integrations, this materially raises the risk of credential exposure, unauthorized file modification, or silent persistence of secrets.

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Feishu Integration Solver Skill Dependencies
lark-oapi>=1.4.8
requests>=2.31.0
python-dotenv>=1.0.0
pydantic>=2.0.0
Confidence
92% confidence
Finding
lark-oapi>=1.4.8

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Feishu Integration Solver Skill Dependencies
lark-oapi>=1.4.8
requests>=2.31.0
python-dotenv>=1.0.0
pydantic>=2.0.0
Confidence
97% confidence
Finding
requests>=2.31.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Feishu Integration Solver Skill Dependencies
lark-oapi>=1.4.8
requests>=2.31.0
python-dotenv>=1.0.0
pydantic>=2.0.0
Confidence
90% confidence
Finding
python-dotenv>=1.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
lark-oapi>=1.4.8
requests>=2.31.0
python-dotenv>=1.0.0
pydantic>=2.0.0
Confidence
93% confidence
Finding
pydantic>=2.0.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
95% confidence
Finding
requests

Known Vulnerable Dependency: python-dotenv — 1 advisory(ies): CVE-2026-28684 (python-dotenv: Symlink following in set_key allows arbitrary file overwrite via )

Low
Category
Supply Chain
Confidence
76% confidence
Finding
python-dotenv

Known Vulnerable Dependency: pydantic — 3 advisory(ies): CVE-2021-29510 (Use of "infinity" as an input to datetime and date fields causes infinite loop i); CVE-2024-3772 (Pydantic regular expression denial of service); CVE-2021-29510 (Pydantic is a data validation and settings management using Python type hinting.)

High
Category
Supply Chain
Confidence
90% confidence
Finding
pydantic

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.