Hire Feishu Agent

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill coherently helps add a Feishu agent to OpenClaw, but users should handle the Feishu App Secret and persistent routing changes carefully.

Before using, back up openclaw.json, use a dedicated minimal-permission Feishu app, avoid pasting real app secrets into shared chats or committed files, review the final merged config, and record the added account/agent/binding so you can remove it later.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly instructs the user to provide a Feishu App Secret and place it into a plaintext local configuration file, but it gives no warning about credential sensitivity, storage risks, redaction, or safer handling methods. This increases the chance of secret exposure through shell history, screenshots, backups, logs, shared machines, or accidental check-in of configuration files.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The documentation includes credential-bearing fields such as appId and appSecret with realistic-looking example secret values, but provides no warning to use placeholders, environment-backed secret injection, or secret managers. In an agent skill that guides users to configure a live Feishu integration, this increases the risk that operators will paste real credentials into files, commit them to source control, or expose them through logs and screenshots.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal