Feishu Bitable Ops

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Feishu/Lark Bitable helper that creates and populates tables using configured app credentials, with no evidence of hidden or unrelated behavior.

Install only if you intend to let the agent create and populate Feishu/Lark Bitable documents using your configured Feishu app. Review the app permissions, use a least-privilege Feishu app where possible, and confirm table names, target records, and admin user IDs before asking it to create or modify tables.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill explicitly instructs the agent how to create, update, batch-create, and delete Feishu Bitable records, but it provides no guardrails such as requiring explicit user confirmation, warning about destructive effects, or recommending a dry-run/read-first workflow. In an agent setting, this omission can lead to unintended data modification or deletion if the model applies the skill too eagerly or to the wrong table/token.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal