Back to skill

Security audit

feishu-bitable

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says: use Feishu credentials to list Bitable tables and add records, with no evidence of exfiltration, persistence, or deception.

Install only if you intend this skill to modify the configured Feishu Bitable. Store FEISHU_APP_SECRET only in environment variables or a secret store, use a least-privilege Feishu app, and verify the hardcoded app/table targets point to the workspace you expect before running add-record commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The skill documentation explicitly requires `FEISHU_APP_ID` and `FEISHU_APP_SECRET` but does not warn that these are sensitive credentials, how they should be stored, or that the skill will use them to access Feishu resources. This increases the risk that users will expose secrets in source files, logs, or prompts, leading to unauthorized access to Feishu Bitable data.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script performs a state-changing remote write to a Feishu Bitable table using hardcoded target identifiers and immediately executes main(), with no user confirmation, dry-run mode, authorization check, or safeguard against accidental invocation. In an agent/skill context, this is risky because running the skill automatically can create records in a real production workspace, causing unauthorized data modification or spam even if the code appears intended for normal task entry.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The code silently retrieves a tenant access token and uses it to make authenticated API calls to Feishu without any disclosure, scope restriction visible in this file, or user awareness that privileged credentials are being used. In a skill ecosystem, hidden credential use increases risk because a seemingly simple task-entry script can perform authenticated actions against organizational resources, making unintended or unauthorized writes more dangerous.

VirusTotal

No VirusTotal findings

View on VirusTotal