
Security audit

Feishu Docs 1.1.1

Security checks across malware telemetry and agentic risk

Overview

This Feishu document skill does what it advertises, but it can overwrite, delete, and share live business documents without built-in confirmation safeguards.

Install only if you are comfortable giving this skill a Feishu app credential that can read, write, share, overwrite, and delete documents. Use a dedicated least-privilege Feishu app, keep FEISHU_APP_SECRET out of logs and source control, verify document IDs and recipient user IDs before running update/delete/share commands, and back up important documents before full replacement or deletion.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill advertises destructive actions like delete and full-content replacement without an explicit warning about irreversibility, confirmation requirements, or backup expectations. In an agentic setting, this increases the risk of accidental data loss if a user request is ambiguous or if the tool is invoked on the wrong document.

Missing User Warnings

Low
Confidence
77% confidence
Finding
The documentation includes sensitive credential setup and token acquisition context without user-facing handling guidance, which can lead users or downstream agents to paste secrets into commands, logs, transcripts, or source files. While not an exploit by itself, poor secret-handling guidance materially increases the chance of credential leakage.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The examples show authenticated write operations that create and modify remote Feishu documents, but they do not clearly warn that running these commands causes real external side effects. In an agent/tooling context, this can lead users or downstream agents to execute state-changing actions without sufficient confirmation or understanding.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation includes application credentials and secret-handling patterns without warning that FEISHU_APP_SECRET is sensitive and must not be exposed in logs, screenshots, shell history, or source control. This increases the risk of credential leakage, which could allow unauthorized access to Feishu APIs and document data.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
DELETE /docx/v1/documents/{document_id}/blocks/{block_id}    # Delete a block
POST   /docx/v1/documents/{document_id}/blocks/{block_id}/children  # Insert child blocks
POST   /docx/v1/documents/blocks/convert                     # Markdown/HTML → blocks
DELETE /drive/v1/files/{file_token}?type=docx                # Delete a document
GET    /drive/v1/files?folder_token=xxx                      # List files in a folder
POST   /drive/v1/permissions/{token}/members?type=docx       # Add a permission member
GET    /drive/v1/permissions/{token}/members?type=docx       # Get permission members
Confidence
71% confidence
Finding
DELETE /drive/v1/files/{file_token}?type=docx

VirusTotal

64/64 vendors flagged this skill as clean.
