Security audit

bitable-formula-generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Feishu Bitable formula helper that can read table metadata and create or update formula fields, so it should be used carefully but is not deceptive or malicious.

Install only if you intend to let the agent use Feishu app credentials for the target Bitable. Use a least-privilege Feishu app, keep FEISHU_APP_ID and FEISHU_APP_SECRET out of chats, logs, and repositories, and confirm the app token, table, field, and existing formula before running set-formula.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill relies on environment-based Feishu credentials and executable script capabilities, but no explicit permissions are declared to signal that secret access is required. This creates a trust and review gap: operators may invoke the skill believing it is limited to formula generation when it can access app credentials and interact with remote Feishu data.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The declared description frames the skill as a formula generator, but the documented behavior also includes authenticated enumeration of tables, fields, and full field properties, including existing formulas and options. That mismatch can cause users or reviewers to underestimate the skill's data-access scope, enabling unintended metadata disclosure and broader reconnaissance across a Feishu Bitable app.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill provides direct instructions to create or update remote Feishu formula fields via script and raw API calls, but does not require a clear, explicit confirmation that remote data will be modified. In practice, this increases the risk of accidental overwrites, schema changes, or corruption of production formulas, especially because it can target existing fields automatically.

VirusTotal

63/63 vendors flagged this skill as clean.