Feishu Connect 1.0.0

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Feishu bot setup helper, but it handles Feishu app credentials, so its setup flow should be treated as sensitive.

Install only if you expect the agent to contact Feishu directly and handle the generated Feishu App ID and App Secret. Treat the setup session as sensitive: avoid sharing logs or transcripts, verify the Feishu URL before completing setup, and rotate or revoke the Feishu secret if it is exposed or no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly instructs the agent to retrieve `client_id` and `client_secret` after the user completes setup and continue using them, but it provides no warning that these are sensitive credentials or guidance on how to protect them. In an agent setting, this increases the risk of accidental disclosure in chat, logs, shell history, or downstream tools, especially because the credentials are then reused in later steps.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill directs the agent to run shell commands and make outbound HTTP requests to Feishu endpoints, but it never warns the user that local command execution and network access will occur. This is risky because users may not realize the agent is contacting external services and persisting session cookies in `/tmp`, which has privacy and security implications.

Ssd 3

High
Confidence: 97%
Finding
The metadata description itself instructs the agent to poll for and obtain `client_id/client_secret`, then proceed with additional configuration using them. Embedding secret collection as the core skill behavior normalizes handling of highly sensitive credentials without any guardrails, increasing the chance of over-collection, retention, or disclosure.

Ssd 3

High
Confidence: 98%
Finding
This workflow explicitly tells the agent to poll until it obtains `client_id` and `client_secret`, treat them as `App ID` and `App Secret`, and then use them in subsequent setup and pairing steps. That creates a direct secret-collection pipeline inside the agent, which is dangerous because the secrets may be exposed in memory, logs, outputs, temp storage, or later tool invocations.

VirusTotal

65/65 vendors flagged this skill as clean.
