ClawHub

Feishu Sender

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Feishu/Lark sender that uses configured app credentials to send user-selected messages and files, with no evidence of hidden or destructive behavior.

Install this only if you intend to let an agent send content to Feishu/Lark. Use least-privileged Feishu app credentials, protect the app secret, verify the default chat ID, and avoid passing sensitive file paths or message content unless you explicitly want them sent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill declares required environment variables under metadata, but it does not explicitly declare permissions for sensitive capabilities like network access and environment-secret usage. This creates a transparency and policy-enforcement gap: consumers may not realize the skill can exfiltrate data or send messages externally using stored credentials. In a messaging skill that sends content to Feishu, undocumented network/env capabilities are particularly relevant because they directly enable outbound data transfer.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The skill can transmit arbitrary local files and message content to an external Feishu workspace with no built-in confirmation, allowlist, or policy guard. In an agent setting, this increases the risk of unintended data exfiltration if another component passes sensitive local paths or confidential content into `send_file`, `send_batch`, or related methods.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The code automatically loads credentials from environment variables or a supplied `.env` file and then uses them to authenticate to an external service without any explicit disclosure at the call site. In an agent or plugin context, silent credential use can surprise operators and expand the blast radius if an untrusted workflow triggers this skill.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal