lark-doc-reviser

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Feishu/Lark document editing helper, but it can modify live documents, resolve comments, and save document content locally.

Install only if you intend to let an agent use your authenticated lark-cli account to read and edit Feishu/Lark documents. Review the fetched comments and generated patch JSON before applying changes, confirm before resolving comments, verify the document token, and delete workspace state files when they contain sensitive document content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 95%
Finding:
The skill invokes local Python scripts, writes files under workspace/, uses shell commands, and interacts with Lark APIs via lark-cli, but it declares no permissions or trust boundaries. That mismatch can cause the agent or reviewer to underestimate its ability to perform networked document modification and local file writes, increasing the chance of unsafe execution in environments that rely on declared permissions for policy enforcement.

Description-Behavior Mismatch

Severity: Medium
Confidence: 88%
Finding:
The script's behavior does not match the skill description: instead of reading/showing unresolved comments or revising content, it marks comments as resolved. In this skill context, that is dangerous because invoking the skill could silently destroy review state or conceal unresolved feedback, causing integrity loss in collaborative documents.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding:
The script performs bulk authenticated document edits and each target block's elements are fully replaced, but the execution path only prints a generic update count and does not require explicit confirmation or show a destructive preview. In this skill's context—automatically revising a Feishu document based on comments—this increases the chance of unintended or over-broad content loss if patches are wrong, stale, or maliciously influenced.

VirusTotal

67/67 vendors flagged this skill as clean.
