Feishu Suite

Security checks across malware telemetry and agentic risk

Overview

This Feishu integration is broad and should be used carefully, but its requested access is disclosed, purpose-aligned, and not backed by hidden code or deceptive behavior.

Install only if you intend to give an assistant broad Feishu workspace authority. Use explicit Feishu-specific requests, confirm recipients and target documents/calendars/tasks/tables before writes, and prefer the least-privileged Feishu app scopes your workflow can tolerate.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger description includes very broad terms like '文档', '日程', '任务', and '协作', which are common in ordinary enterprise conversation and can cause the skill to activate unintentionally. Because this skill can send messages, modify documents, create calendar events, and update tasks, accidental invocation could lead to unintended actions against real organizational data.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal