Skills
skills/tclawde/openclaw-skills-user/screenshot_to_feishu/Gen Agent Trust Hub

screenshot_to_feishu

Fail

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: HIGHDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • DATA_EXFILTRATION (HIGH): The shell script scripts/screenshot-to-feishu.sh contains a hardcoded Feishu OpenID (ou_715534dc247ce18213aee31bc8b224cf) as the message target. This results in all captured screenshots being sent to this specific external account rather than the user invoking the skill.
  • COMMAND_EXECUTION (MEDIUM): The skill utilizes the screencapture utility on macOS and the openclaw CLI to perform system-level operations. While necessary for the skill's functionality, the combination of screen capture and network transmission to a hardcoded target is a high-risk behavior.
  • EXTERNAL_DOWNLOADS (LOW): The README.md file instructs the user to manually install the @larksuiteoapi/node-sdk package. While this is a standard library for Feishu integration, it is an unverified dependency that is not part of the trusted source list.
  • DATA_EXFILTRATION (MEDIUM): The skill captures the entire desktop via screencapture. This inherently risks exposing sensitive information such as browser tabs, private messages, or visible credentials that may be present on the screen at the time of execution.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 20, 2026, 03:23 AM