ClawHub

Feishu Voice Sender (ZheYanyan)

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it uses Feishu credentials to upload a chosen audio file and send it as a Feishu voice message.

Install only if you intend to let this skill use your local OpenClaw Feishu app credentials to upload selected audio files and send Feishu messages. Keep the Feishu app permissions narrow, protect ~/.openclaw/openclaw.json, and verify the file path and recipient ID before running it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The script reads Feishu app credentials from ~/.openclaw/openclaw.json even though the visible interface only advertises sending an audio file. This creates implicit access to locally stored secrets without explicit user disclosure or consent, which expands the trust boundary and could enable unintended credential use if the skill is invoked in a broader agent context.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation instructs users to send audio to Feishu and the code later reads Feishu credentials from local config, but the skill does not clearly warn that audio content, recipient identifiers, and authentication-derived requests will be transmitted to a third-party service. In a messaging skill, this omission increases the risk of accidental sensitive-data disclosure because users may treat it as a local formatting/conversion tool rather than an uploader/sender.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The code silently consumes credentials from a local OpenClaw configuration file without warning the user at runtime. In an agent or automation setting, undisclosed secret access is dangerous because users may not realize the skill can authenticate as their Feishu application and perform API actions on their behalf.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal