Is jypjypjypjyp/feishu-messaging safe?

https://github.com/openclaw/skills/tree/main/skills/jypjypjypjyp/feishu-messaging

Overall: 89 · SAFE

The feishu-messaging skill is a documentation-only skill containing Python code samples for the Feishu Open Platform API. No prompt injection, hidden instructions, auto-executing code, malicious git hooks, or active data exfiltration attempts were detected during installation. The primary residual risk is that the declared file upload and message-sending capabilities create a secondary exfiltration surface if the agent is later manipulated by downstream prompt injection.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 83/100 · 25%
Code Execution 82/100 · 20%
Clone Behavior 93/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 78/100 · 5%

Findings (4)

LOW · File upload API creates potential exfiltration surface · -12

Section 4 of SKILL.md documents file upload via client.im.v1.file.create(). While the code sample hardcodes a specific filename, an agent following this pattern could be directed by a malicious user prompt or secondary prompt injection to open and upload arbitrary local files to Feishu, including sensitive files like .env or SSH keys.

LOW · Python code samples include local file open() calls · -10

The image and file upload examples use Python's open() to read local files before uploading. Though presented as documentation, an LLM agent may execute these patterns directly with attacker-influenced filenames.

INFO · Outbound messaging capability is a secondary exfiltration vector · -5

Once configured with a Feishu app credential, the agent has the ability to send arbitrary text messages and files. Combined with another skill that reads local files, this creates a complete data exfiltration chain.

INFO · Canary file accesses are attributable to monitoring system · 0

inotify and auditd logs show canary file opens at timestamps pre-dating the git clone. These are the monitoring system's baseline and post-check reads (all CLOSE_NOWRITE). The skill itself performed no sensitive file reads.