飞书Bitable管理工具

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Feishu Bitable helper whose data-changing instructions are disclosed and aligned with managing Bitable tables and records.

Install this only if you want your agent to operate on Feishu Bitable data. Use least-privilege Feishu access, confirm the target app and table before bulk updates or deletes, and treat delete operations as irreversible even though the skill itself contains no executable code.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The trigger guidance includes very broad generic nouns like '数据表', '记录', and '字段', which can appear in many unrelated contexts and may cause the agent to invoke this skill when the user did not intend Feishu Bitable operations. In a write-capable enterprise data management skill, unintended invocation increases the risk of acting on the wrong system or performing accidental data access/modification.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal