This skill is vulnerable to prompt and command injection, ex
Claims to do
Meego (Feishu Project) Skill: connects to Meego (Feishu Project) through an MCP service, with support for OAuth authentication.
Actually does
The skill uses `npx` to execute the `@lark-project/meego-mcporter` tool. This tool manages OAuth authentication with Meego (Feishu Project) by storing credentials in `~/.mcporter/credentials.json` and using `meego-config.json` for configuration. It facilitates both browser-based and remote OAuth flows, and then uses the `meego-mcporter` tool to call Meego APIs for querying and managing work items.
openclaw skills install wadxm/feishu-project-connector
DeBERTa classifier detected prompt injection (confidence: 0.95)
The skill instructs the agent to receive user-provided authorized credentials and write them directly to `~/.mcporter/credentials.json`. This process, if compromised, could allow an attacker to inject malicious content into the credentials file or exfiltrate the received sensitive data.
After obtaining the user's confirmation, write it to `~/.mcporter/credentials.json`.
The skill executes external commands using `npx @lark-project/meego-mcporter call meego <tool_name>`. The `<tool_name>` argument is dynamic, and if not properly sanitized or constrained by the agent, could lead to command injection or unintended actions via the `meego-mcporter` tool.
npx @lark-project/meego-mcporter call meego <tool_name> --config meego-config.json
The skill performs direct file system operations, including copying `meego-config.json` and reading/writing `~/.mcporter/credentials.json`. While necessary for its functionality, this capability could be abused for unauthorized file access or modification if the agent's permissions are overly broad.
Copy `meego-config.json` from the skill package directory into the working directory; read the contents of `~/.mcporter/credentials.json`
The skill relies on executing a third-party npm package (@lark-project/meego-mcporter) via npx, which fetches and runs the latest version of an external package at runtime. This introduces supply chain risk — a compromised or malicious package version could execute arbitrary code with the agent's privileges.
npx @lark-project/meego-mcporter auth meego --config meego-config.json
npx @lark-project/meego-mcporter call meego <tool_name> --config meego-config.json