Feishu Owner Transfer

Security checks across malware telemetry and agentic risk

Overview

This skill is openly intended for transferring Feishu document ownership, but its bulk transfer path can make high-impact account and document-control changes without a confirmation step.

Install only if you intentionally need a Feishu administrator-style ownership transfer tool. Before using --all, run --list first, verify the target open_id, and confirm the exact file scope. Prefer single-token transfers or an explicit owner filter, because mistakes can reassign control of many documents.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill explicitly instructs users to invoke shell commands (`python3 ...`, `lark-cli ...`) but does not declare corresponding permissions. This creates a permission-transparency gap: an orchestrator or reviewer may underestimate the skill's capabilities, while the skill can still cause sensitive state changes by transferring file ownership via CLI/API calls.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger phrases include broad terms like '文档所有者', '批量转移', and 'owner transfer', which can match ordinary discussion or ambiguous requests rather than clear authorization to execute ownership changes. In this context, accidental activation is risky because the skill performs high-impact administrative actions that can change control of documents in bulk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill exposes options such as `remove_old_owner` and `cancel_notify` without warning users that ownership transfer can be difficult to reverse, may remove prior access, and can suppress notifications that would otherwise alert stakeholders. This is especially dangerous here because the skill supports batch transfer, so a single misunderstood command could silently reassign many files and lock out the original owner.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Bulk ownership transfer changes control of potentially many documents without any confirmation gate, preview acknowledgment, or per-item approval. In an agent or automation context, a mistaken target ID, overly broad file selection, or accidental invocation can irreversibly reassign sensitive assets at scale.

VirusTotal

65/65 vendors flagged this skill as clean.
