Zoe飞书媒体发送

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says by sending local images to Feishu, but it also depends on an unreviewed parent-directory helper while handling Feishu credentials and message-sending authority.

Review before installing. Use a least-privilege Feishu app, keep App Secret out of chat and code, confirm the exact image path and chat/user ID before each send, and verify or remove the parent-relative JavaScript helper dependency before relying on it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Tainted flow: 'data' from os.environ.get (line 56, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
            "app_secret": app_secret
        }

        response = requests.post(url, headers=headers, json=data)
        result = response.json()

        if result.get("code") != 0:
Confidence
98% confidence
Finding
response = requests.post(url, headers=headers, json=data)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrases are broad enough to match common user requests like '发图片' ("send a picture") or '发送图片' ("send an image"), which can cause this skill to activate in situations where the user did not specifically intend to send a local file to Feishu. In this skill's context, unintended activation is more dangerous because it can lead to transmission of local images to an external messaging platform, creating privacy and data leakage risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill description does not prominently warn users that it sends local files from the host system to an external Feishu chat or user. Because the skill handles local image paths and external transmission, missing disclosure increases the chance that users or downstream agents will expose sensitive screenshots, documents, or design assets without informed consent.

VirusTotal

65/65 vendors flagged this skill as clean.
