feishu-video-sender

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFE
DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The script feishu_video_sender.py reads from ~/.openclaw/.env, which is a sensitive file path containing configuration and potentially API credentials.
  • [COMMAND_EXECUTION]: The skill executes the ffmpeg system command via subprocess.run to process video files for cover generation in the generate_cover function.
  • [PROMPT_INJECTION]: The skill possesses a data ingestion surface that could be exploited via indirect prompt injection.
    • Ingestion points: The skill accepts video paths, target IDs, and text captions as command-line arguments in feishu_video_sender.py.
    • Boundary markers: No delimiters or safety instructions are used to isolate user-provided data from the agent's logic.
    • Capability inventory: The skill is capable of making network requests to external APIs and executing local system commands.
    • Sanitization: Input arguments are not validated or sanitized before being used in file system paths or API request bodies.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 8, 2026, 02:24 AM