agent-creator-feishu

Security checks across malware telemetry and agentic risk

Overview

This skill openly helps create an OpenClaw agent and bind it to a Feishu group, with sensitive but disclosed configuration changes that match that purpose.

Install this only if you want an assistant that can create OpenClaw agents and bind them to Feishu groups. Before approving use, check the Agent Card, group ID, and administrator identity, and understand that it may create local workspace files, modify OpenClaw allowlist/routing state, and store setup notes in memory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 88%
Finding: The skill advertises broad trigger phrases such as '帮我搭建一个 agent' ("help me set up an agent") and '我想做一个新的 agent' ("I want to make a new agent"), which are natural-language requests that can plausibly appear in normal discussion. In an agent that creates workspaces, writes configuration files, and binds chat groups, overly broad activation increases the chance of accidental invocation and unintended administrative actions.

Missing User Warnings

Medium
Confidence: 95%
Finding: The workflow instructs the agent to create local workspaces, write multiple config files, bind a Feishu group, and update persistent memory, but it does not require a clear user-facing warning or consent boundary for these sensitive operations. Because these actions affect system state, chat routing, permissions, and stored data, omission of risk notice and explicit authorization can lead to unauthorized changes or privacy-impacting mistakes.

VirusTotal

65/65 vendors flagged this skill as clean.
