Feishu → XHS Publisher

Security checks across malware telemetry and agentic risk

Overview

The skill matches its publishing purpose, but it includes exposed Feishu credentials and can upload content through a fixed Feishu account by default.

Review before installing. Do not run this on confidential documents unless the embedded Feishu credentials are removed, the exposed secret is rotated by its owner, and the script is changed to require your own scoped FEISHU_APP_ID, FEISHU_APP_SECRET, and FEISHU_OWNER_ID.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

High
Confidence: 99%
Finding
The file embeds a Feishu appId, appSecret, and a fixed owner open_id directly in the skill documentation. Hard-coded credentials are highly sensitive secrets; anyone with access to the skill can reuse them to call Feishu APIs, potentially read or modify documents, upload content, or impersonate the application within the scope of the token. The fixed owner identifier also suggests actions may be routed to a specific account, increasing the risk of unauthorized data access or misuse.

Context-Inappropriate Capability

High
Confidence: 99%
Finding
The script contains hardcoded fallback Feishu AppId, AppSecret, and owner open_id, which are usable credentials for an external service account. Anyone with access to the skill code can reuse those values to create or manipulate documents under that Feishu app context, expanding access beyond the stated image-post publishing workflow.

Missing User Warnings

High
Confidence: 99%
Finding
The README-level documentation exposes a live Feishu app secret in plain text with no masking, warning, or secure handling instructions. Documentation is often broadly accessible, so publishing a secret here materially increases the likelihood of credential theft and unauthorized API use. In the context of a skill that reads and writes Feishu documents, compromise of this secret can directly enable unauthorized access to user content and document manipulation.

Missing User Warnings

High
Confidence: 99%
Finding
Using hardcoded Feishu credentials and owner ID as silent fallbacks means the script will operate with privileged external account access even when the user did not explicitly provide credentials. In the context of a publishing skill that transforms user documents and images, this is especially dangerous because it can route user content into a preconfigured third-party Feishu tenant or permit unauthorized API use.

VirusTotal

64/64 vendors flagged this skill as clean.
