lark-wiki-writer

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a legitimate Lark/Feishu automation, but it asks for sensitive credentials and can send or modify business content without enough privacy and scoping safeguards.

Install only if you are comfortable giving the agent access to the relevant Lark/Feishu app credentials and workspace content. Use a least-privilege app, avoid pasting secrets into chat, confirm the exact target space or document before writes, and rotate or revoke credentials after testing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill instructs users to supply App ID, App Secret, space identifiers, and document content for operations that call remote Lark APIs, but it does not clearly disclose the data flow or privacy/security implications of sending that material to an external service. This can lead users to paste sensitive content or credentials without understanding that the skill will transmit them off-platform, increasing the risk of inadvertent data exposure.

VirusTotal

64/64 vendors flagged this skill as clean.
