feishu-doc-skill

Security checks across malware telemetry and agentic risk

Overview

This Feishu document skill does what it says, but it can read or modify Feishu documents and saves reusable Feishu credentials locally in plaintext.

Install only if you trust this publisher with the Feishu documents your token can access. Use a least-privilege Feishu app or user account, verify document links and local image paths before any write or upload, avoid dumping sensitive raw JSON to shared logs, and delete or tightly protect .feishu-user-token.json and .feishu-oauth-config.json when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 94%
Finding:
The skill instructs the agent to use environment credentials, local token files, and networked Feishu APIs, but it does not declare those capabilities or bound their use. Hidden access to the environment and the network expands the agent's effective privilege and makes it harder to enforce least privilege or to obtain informed user consent before authenticating to or accessing remote documents.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The skill is explicitly designed to write back to Feishu documents and insert local images, but it does not require an explicit confirmation step before modifying remote data. In practice, this can cause unintended document edits, data corruption, disclosure of local file contents via image upload, or changes to shared enterprise knowledge bases if a user request is ambiguous or over-broad.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The script persists highly sensitive secrets locally: App Secret is written to a config file and OAuth token data is written to another file using default filesystem behavior, with no permission hardening, encryption, or strong user warning. In the context of a document-read/write skill, compromise of these files could allow unauthorized API access to Feishu content and actions under the user or app context.

VirusTotal

66/66 vendors flagged this skill as clean.
