Back to skill

Security audit

飞书多维表格文件上传

Security checks across malware telemetry and agentic risk

Overview

The skill does what it claims, but it handles Feishu app secrets and access tokens in ways that could expose credentials in logs, shell history, or process listings.

Review before installing. Use a least-privileged Feishu app, prefer protected environment variables or a secret manager over command-line secrets, avoid running it where command lines or logs are shared, and rotate the App Secret or tenant token if either may have appeared in logs or transcripts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The script explicitly accepts the Feishu App Secret via a command-line flag and even documents that usage in the help text. Command-line arguments are commonly exposed through process listings, shell history, audit logs, and job runners, so this creates unnecessary credential exposure beyond the skill's core purpose of uploading files.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script handles sensitive credentials and encourages passing the App Secret on the command line without any warning about exposure risk. This increases the chance of accidental disclosure through shell history, process inspection, CI logs, and support transcripts, making credential compromise more likely.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.