Back to skill

Security audit

Feishu Doc Transfer

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it can transfer control of Feishu business documents using a tenant token with too little built-in confirmation or scoping.

Install only if you are authorized to transfer Feishu document ownership for the tenant. Treat tenant tokens as sensitive credentials, avoid placing real tokens in shell history or shared logs, and manually verify the file token, recipient ID, member type, and business approval before running the command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill invokes a Python script that performs network operations against Feishu APIs, yet the skill metadata does not declare corresponding permissions. This creates a transparency and governance gap: users or platforms may approve or execute the skill without understanding that it can transmit sensitive identifiers and tokens over the network.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This skill performs ownership transfer of documents, which is a sensitive access-control operation that can permanently change control over business data. The description explains how to execute the action but does not prominently warn users about the security, authorization, and business-impact risks, increasing the chance of accidental misuse or social-engineering-assisted abuse.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.