Back to skill

Security audit

Feishu Proactive Messenger

Security checks across malware telemetry and agentic risk

Overview

This skill openly sends Feishu text messages using configured Feishu credentials; the main risk is accidental sending to a configured default recipient if used by an untrusted agent.

Install only if you want trusted agents to send proactive Feishu messages from your configured bots. Check each account's defaultTo target, prefer explicit --agent and --receive-id for sensitive sends, and avoid passing secrets or confidential content as message text unless that outbound message is intended.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill clearly requires environment access, local file reads, and outbound network access, yet the manifest declares no explicit permissions. This creates a transparency and policy-enforcement gap: users or orchestrators may invoke a capability that can read credentials from local config and send external messages without an obvious permission prompt or review boundary.

Vague Triggers

Medium
Confidence
86% confidence
Finding
Describing the skill as designed for 'all agents' broadens activation scope for a capability that can proactively message external recipients using account-bound credentials. In multi-agent environments, this increases the chance of unintended use, cross-agent impersonation, or abuse by agents that should not have outbound messaging authority.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill emphasizes proactive outbound messaging and supports sending to a configured default recipient, but it does not prominently warn that messages may be sent without interactive user confirmation. That makes accidental exfiltration, unauthorized notifications, or social-engineering messages more likely, especially when defaultTo is configured and no explicit receive-id is supplied.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The manifest explicitly advertises proactive outbound messaging and access to Feishu credentials/default recipients, but it does not surface any user-facing warning about privacy, recipient scope, or the fact that the skill can send messages without an inbound user prompt in the channel. In this context, that omission is security-relevant because the skill’s core purpose is autonomous message delivery using stored secrets, which increases the risk of accidental data disclosure, spam, or misuse if invoked improperly.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.