Back to skill

Security audit

Content System Feishu Bitable Sync

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly a legitimate Feishu Bitable sync tool, but it can mutate and clear external table records without an enforced confirmation step.

Install only if you intentionally want this skill to write to the configured Feishu Bitable. Use least-privileged Feishu credentials, run it only after reviewing the report, verify the app token/table ID, and avoid untrusted Markdown inputs because they can point the skill at unexpected local JSON files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill description indicates it reads environment variables and local files and writes output files, but it does not declare permissions for those capabilities. Undeclared access reduces transparency and weakens policy enforcement, making it harder for users or a runtime to understand and constrain what the skill can access. In this context the accesses appear aligned with the stated purpose, so the issue is more about insecure capability declaration than overtly malicious behavior.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The code performs live Feishu record creation, updates, and clearing immediately when `run_feishu_bitable_sync` is invoked, but there is no in-code verification that the user actually reviewed the report or confirmed the sync. This creates an integrity risk where an agent, wrapper, or accidental invocation can mutate external data stores without the explicit approval promised by the skill description.

VirusTotal

40/40 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.