Feishu(Lark)Multi-Agent Tool-Use Patch

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed one-time OpenClaw/Feishu patching skill with operational risk, but no evidence of hidden malicious behavior.

Use this only when you intentionally want to patch openclaw-lark. Work from a git branch or backup, review the final diff, restart the Gateway yourself, test low-impact Feishu actions first, and remove or disable the skill after use. Do not send or run skill archives from untrusted sources.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The document explicitly tells operators they can send a skill archive to the OpenClaw bot in Feishu chat and that the bot will automatically read and execute its workflow instructions. That normalizes execution of uploaded instruction payloads from chat without requiring provenance checks, review, signing, or sandboxing, which creates an instruction-injection and untrusted code/workflow execution risk.

Missing User Warnings

High

Confidence: 97% confidence
Finding: The document instructs users that they can send the skill package directly to an OpenClaw/Feishu chatbot and that the bot will automatically read and execute the packaged instructions. Treating a packaged skill as executable instructions in a chat workflow creates a prompt-injection and unintended code-modification risk, especially because the same document is designed to alter source code and runtime behavior.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal