ClawHub

飞书会议纪要AI

Security checks across malware telemetry and agentic risk

Overview

The skill is coherent for generating Feishu meeting minutes, but it can read private workspace content and send notes without clearly requiring source and recipient confirmation.

Install only if you are comfortable giving the agent access to Feishu meeting documents, group chats, and tables. Before use, require it to confirm the exact sources, date range, generated minutes, and recipients, and prefer draft-only output unless you explicitly approve sending.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger includes a broad natural-language phrase ('帮我总结今天飞书群聊里的会议讨论,生成纪要') that can match ordinary user requests without strong scoping or confirmation. In a skill that reads chat, docs, and can send generated minutes to group chats, loose invocation increases the chance of unintended activation, causing over-collection of workspace data or accidental disclosure of summaries to the wrong audience.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill advertises reading Feishu documents, chat logs, and bitable records, and also sending minutes to specified group chats, but does not clearly warn users that private or sensitive content may be accessed and redistributed. This creates a meaningful privacy and confidentiality risk because meeting minutes often contain internal decisions, attendee identities, action items, and customer information, and users may not realize the skill can both ingest and broadcast that data.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal