Feishu Channel Integration for Nanoclaw
Security checks across malware telemetry and agentic risk
Overview
This appears to be a genuine Feishu/Lark channel integration, with expected bot credentials and persistent chat access disclosed in the setup instructions.
Install only if you want NanoClaw connected to Feishu as a persistent bot. Use a dedicated Feishu app, keep the app secret out of version control, add the bot only to trusted chats, prefer trigger-required group registrations unless everyone in the chat should be able to invoke the assistant, and verify the JID prefix during setup because the docs and code differ.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.