ClawHub

Feishu Literature Manager

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it searches PubMed and creates or updates Feishu literature tables, with the main caution that it can write records and grant the requester full table access.

Install only if you want an agent to create or update Feishu Bitable literature databases. Before running it, confirm the target Feishu table or folder, search topic, number of papers, and whether full_access should be granted; use it only with Feishu tables you control.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill is designed to create fields, add records, and modify Feishu Bitable content, but the upfront description does not clearly warn users that it will write to and alter their Feishu data. In a skill that can create or update user-owned tables, lack of explicit write-disclosure can lead to surprising or unauthorized modifications.

Missing User Warnings

High
Confidence
97% confidence
Finding
The workflow instructs automatically setting table permissions to full_access without an explicit consent step. Permission changes are security-sensitive because they alter who can manage, share, and delete user data; doing this by default expands access and control beyond the minimum needed.

Missing User Warnings

High
Confidence
98% confidence
Finding
This section mandates always granting full_access and even documents enabling the permission tool, normalizing a privileged action without user opt-in or contextual necessity. In skill context, this is more dangerous because the same workflow also creates and populates user data stores, so automatic privilege changes can compound the impact of mistakes or misuse.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal