Feishu Doc Sync

Security checks across malware telemetry and agentic risk

Overview

This Feishu document skill is mostly purpose-aligned, but it tells the agent to read local Feishu secrets and make raw API calls outside the declared tool path.

Install only if you are comfortable with an agent editing Feishu documents and potentially reading local Feishu app credentials. Avoid using the raw API/header-row workflow unless you explicitly approve it, confirm the target document and permissions, and are prepared for persistent Feishu document changes. The publisher should remove the local secret-file and automatic git pull instructions or move them behind a vetted, user-approved tool.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

High
Confidence: 98%
Finding
The skill instructs the agent to read Feishu app credentials from a local secret file and use them in raw shell-based API calls outside the declared `feishu_doc` tool boundary. This expands the skill from document manipulation into secret access and arbitrary network use, creating a real risk of credential misuse, unintended exfiltration, and bypass of platform guardrails/auditing.

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
Telling the agent to always run `git pull` before reading files introduces unrelated repository-modifying behavior into a document sync skill. That can change the working tree, execute configured git-side behaviors in some environments, overwrite local state, and cause unintended network access without user intent.

Vague Triggers

Medium
Confidence: 83%
Finding
The activation criteria are broad enough to trigger on many ordinary Feishu-related tasks, increasing the chance that risky instructions in the skill are loaded in contexts where they are unnecessary. Because this skill contains credential-handling and raw API guidance, over-broad activation materially increases exposure and accidental misuse.

Missing User Warnings

High
Confidence: 97%
Finding
The instructions combine direct access to local secrets with raw external API calls, yet provide no warning, consent gate, or operational constraints around handling credentials and transmitting data. In skill context, this is especially dangerous because it normalizes bypassing managed tools and can lead to silent secret exposure or unauthorized document operations.

VirusTotal

65/65 vendors flagged this skill as clean.
