AI Vulnerability Tracker
Review
Audited by ClawScan on May 18, 2026.
Overview
The skill’s main function is coherent, but it hard-codes Feishu credentials and writes to a different Feishu table than the documentation says.
Review and replace all Feishu credentials and table identifiers before installing or running this skill. Confirm the table is yours, run it manually before enabling cron, and treat collected vulnerability snippets as untrusted research content.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill may authenticate as a preconfigured Feishu app rather than an app or workspace you control.
The skill uses bundled Feishu app credentials by default, while the registry declares no required environment variables or primary credential. This makes the Feishu authority non-user-scoped and unclear.
appId: process.env.FEISHU_APP_ID || 'cli_a939c44a23789bd1', appSecret: process.env.FEISHU_APP_SECRET || 'aaMNP...OZHj5u'
Do not run it as-is; replace the Feishu app ID, secret, wiki token, and table ID with your own scoped credentials and confirm the app permissions.
The skill may write records to an unexpected Feishu table or workspace.
The code’s actual Feishu destination differs from the SKILL.md documented target table, which lists a different Wiki Token and Table ID. Users cannot rely on the documentation to know where records will be written.
wikiToken: 'DrCnwF8O8iV0N6kGukPcNz8nnWg', tableId: 'tblpqg2oPJvq7mk6'
Verify the target Feishu table in the code/config before use and update the documentation so it matches the actual runtime destination.
Invoking the skill, especially via cron, can add many records to a Feishu table without manual review of each item.
The skill posts each new search result to Feishu automatically when run. This is aligned with the stated tracker purpose, but it is still an external data mutation.
await feishuRequest('POST', `open-apis/bitable/v1/apps/${appToken}/tables/${CONFIG.feishu.tableId}/records`, { fields })
Run it manually first, inspect the output, and only enable cron after confirming the destination and record volume are acceptable.
Future agents or users reading the Feishu table could encounter prompt-injection examples and should treat them as untrusted data.
The skill stores titles and snippets from public GitHub/WeChat results about prompt injection and jailbreaks into a persistent Feishu table. This is purpose-aligned but may preserve adversarial text.
description: item.body?.substring(0, 200) || ''
Label stored vulnerability text as untrusted research content and avoid feeding it directly into agents as instructions.
