ClawHub

feishu voice reply

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it needs review because it can automatically send Feishu voice messages and send text to Microsoft TTS with weak scoping and inconsistent privacy disclosure.

Install only after confirming you are comfortable with selected chat text being sent to Microsoft for speech generation and the resulting audio being sent through your Feishu bot. Use limited Feishu bot permissions, prefer explicit user confirmation or a dedicated command prefix, avoid sensitive or regulated text, and review the unpinned edge-tts install source before using it in a managed environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tp4

High
Category
MCP Tool Poisoning
Confidence
92% confidence
Finding
The skill claims to provide automatic Feishu voice replies via built-in messaging, but the documentation primarily describes local MP3 generation, package installation, and hypothetical message-tool usage without demonstrating the actual Feishu reply flow. This mismatch is dangerous because users may grant trust, install dependencies, or rely on automation assumptions that are not actually implemented, increasing the chance of unsafe deployment, hidden functionality in omitted files, or operational misuse.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrases are short, natural-language commands that can plausibly appear in ordinary conversation, increasing the chance that the skill activates when the user did not intend to send a Feishu voice message. In this skill, unintended invocation is more concerning because the action is externally visible and performs a networked send via the Feishu API, which can cause accidental message transmission rather than a harmless local operation.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The automatic trigger is based on broad natural-language keywords such as '用语音回复' and '念给我听' without clear scope, confirmation, or channel restrictions. This can cause unintended activation, leading the agent to synthesize and send audio when the user was only discussing voice features or quoting text, which is especially risky in chat or group contexts.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill advertises Edge TTS as 'safe' and 'official' but does not clearly warn that message text may be transmitted to an external TTS service for synthesis. This omission can expose sensitive or private user content to a third party without informed consent, creating privacy and compliance risks.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal