Feishu Bot Manager

Security checks across malware telemetry and agentic risk

Overview

This skill appears intended to manage Feishu bots, but it stores sensitive app secrets and makes broad persistent OpenClaw configuration changes with limited warning.

Install only if you are comfortable letting this skill modify your OpenClaw configuration. Use non-production Feishu credentials where possible, protect ~/.openclaw/openclaw.json and its backups, avoid pasting secrets into shared chats or shell history, restrict Feishu allow lists after adding a bot, and confirm the target botId before update or delete operations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 90%
Finding
This skill enables direct configuration changes and requires users to provide sensitive credentials such as app secrets, but it does not include any warning about secret handling, logging risks, access control, or the operational impact of modifying bot configuration. In an agent environment, users may paste real secrets into chat or trigger destructive changes without understanding that the action updates persistent config and may require service restarts, increasing the chance of credential exposure or unsafe administrative changes.

Missing User Warnings

Medium
Confidence: 84%
Finding
The script handles and persists Feishu app secrets in plaintext within the OpenClaw config and accepts them on the command line, which can expose secrets via shell history and process listings. The info/update flows avoid printing the secret value itself, but the storage and input mechanisms still create credential exposure risk.

VirusTotal

64/64 vendors flagged this skill as clean.
