Feishu Voice (macOS)

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: converts user-provided text to audio and sends it to Feishu, with disclosed Feishu credential use and optional OpenAI TTS.

Install only if you trust this skill to use your Feishu bot credentials to send audio messages. If `OPENAI_API_KEY` is set, message text will go to OpenAI for speech generation; unset it to use the local macOS `say` fallback for more sensitive content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill clearly instructs the use of shell commands (`curl`, `ffmpeg`, `ffprobe`, `python3`, `say`) but does not declare corresponding permissions. This creates a transparency and policy-enforcement gap: an agent may execute networked shell actions and access local configuration/secrets without users or the platform having an explicit permission boundary.

Vague Triggers

Medium
Confidence
76% confidence
Finding
The activation guidance includes broad phrases like 'send a voice message' and any request to send audio to Feishu/Lark, which can cause the skill to trigger on ambiguous user requests. That increases the chance of unintended external transmission of user-provided content to Feishu and, when configured, OpenAI.

Missing User Warnings

High
Confidence
98% confidence
Finding
The description says OpenAI TTS is automatically used when `OPENAI_API_KEY` is present, but it does not clearly warn that message text will be transmitted to OpenAI. This is a material privacy issue because users may believe they are only sending a message to Feishu, while their content is also sent to a third-party provider.

External Transmission

Medium
Category
Data Exfiltration
Content
### 2a. TTS → mp3 (OpenAI)

```bash
curl -s -X POST "https://api.openai.com/v1/audio/speech" \
  -H "Authorization: Bearer $OPENAI_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"model":"gpt-4o-mini-tts","input":"要说的文字","voice":"shimmer","response_format":"mp3"}' \
```
Confidence
93% confidence
Finding
curl -s -X POST "https://api.openai.com/v1/audio/speech" \ -H "Authorization: Bearer $OPENAI_API_KEY" \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
### 2a. TTS → mp3 (OpenAI)

```bash
curl -s -X POST "https://api.openai.com/v1/audio/speech" \
  -H "Authorization: Bearer $OPENAI_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"model":"gpt-4o-mini-tts","input":"要说的文字","voice":"shimmer","response_format":"mp3"}' \
```
Confidence
93% confidence
Finding
https://api.openai.com/

VirusTotal

67/67 vendors flagged this skill as clean.
