Back to skill

Security audit

Feishu Owner Transfer Advanced

Security checks across malware telemetry and agentic risk

Overview

This skill openly performs Feishu document ownership transfers, but its default guidance is too broad for a high-impact action and repeatedly steers transfers to a fixed user ID.

Review this before installing if you manage Feishu documents. Only use it in an account where transferring ownership to the shown open_id is intended, run the dry-run/list mode first, verify every target token or wiki space, and avoid bulk commands unless you have explicit authorization for all affected documents.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill invokes local shell commands and Python scripts but does not declare any permissions or trust boundaries. That mismatch can cause the agent or operator to execute filesystem and command-line actions without appropriate review, increasing the chance of unintended document ownership changes or abuse of locally configured credentials.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrases are broad enough that ordinary requests like '转移文档' or '文档转给我' could activate a high-impact ownership-transfer workflow without strong contextual checks. Because the skill performs privileged administrative actions, loose activation increases the risk of accidental invocation, social engineering, or misuse against documents the requester should not control.

Natural-Language Policy Violations

Medium
Confidence
97% confidence
Finding
The documentation hard-codes a specific recipient open_id and presents it as a default/fixed configuration, steering all ownership transfers to one person without requiring user choice or justification. In the context of a skill whose sole purpose is transferring ownership of Feishu documents, this creates a strong risk of covert exfiltration or unauthorized consolidation of control over many files.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script can bulk-transfer ownership of many documents with a single flag and immediately performs the action without an interactive confirmation step, preview gate, or explicit acknowledgment of consequences. In the context of a document-ownership transfer tool, this increases the chance of large-scale unauthorized or mistaken changes affecting access control, accountability, and business continuity.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
This script can perform bulk ownership transfers across a wiki space without any interactive confirmation or secondary safeguard once the operator omits --list. Because ownership transfer changes access control on many documents at once, a mistaken target ID or space ID can cause broad unauthorized reassignment and business disruption.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.