Back to skill

Security audit

feishu-attendance

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims: check Feishu attendance, optionally message employees, and report results to an admin.

Install only for an approved Feishu attendance workflow. Confirm the bot's visible user scope, set FEISHU_ADMIN_ID to the intended admin recipient, run --dry-run first, and enable --notify only after employees and policy owners expect these alerts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill description says it reports attendance issues to an admin, but the implementation can also directly message employees when --notify is enabled. This creates a scope/behavior mismatch and can surprise operators or affected users, especially because attendance status is sensitive HR data and the DMs may be sent based on incomplete or mistaken records.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill handles potentially sensitive HR information but does not prominently warn that it sends attendance-related notifications and admin reports. In this context, lack of transparent disclosure is risky because attendance status can reveal employment and behavioral information, and unexpected messaging/reporting can create privacy, compliance, and insider-misuse concerns.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script can send attendance-status DMs to employees with only a CLI flag as the disclosure/control mechanism. Because lateness, absence, and early-leave status are sensitive personnel data, insufficient transparency and guardrails can lead to unauthorized or unexpected notifications, reputational harm, and privacy complaints if the tool is run by the wrong operator or on incorrect data.

VirusTotal

No VirusTotal findings

View on VirusTotal