lark-base

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly coherent for managing Lark Base, but it gives an agent broad authority over business data, schema, roles, workflows, file uploads, and third-party integrations with some weak confirmation and privacy guardrails.

Install only if you are comfortable letting an agent operate on Lark Base content with your account permissions. Before using it, require explicit confirmation for schema changes, deletes, role changes, bulk writes, attachment uploads, workflow enablement, and any workflow that sends data to third-party URLs; review target Base/table/field IDs and payloads before execution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Medium
Confidence: 94%
Finding
The guide explicitly instructs use of `+field-update --yes` for a high-risk PUT operation, which suppresses an interactive safety check before changing a field definition that can affect an entire column. In an agent setting, this increases the chance of irreversible or broad-impact schema changes being executed automatically without a user-specific confirmation or impact review.

Missing User Warnings

Medium
Confidence: 90%
Finding
The document explicitly encourages fetching dashboard block results and returning JSON for direct AI consumption, while framing the operation as safer because it avoids raw records. However, aggregated chart outputs can still expose sensitive business metrics, small-cohort personal data, or protected information through dimensions, measures, trend data, and comparisons. This can lead users or downstream agents to exfiltrate sensitive data without applying appropriate classification, minimization, or access checks.

Missing User Warnings

Medium
Confidence: 89%
Finding
The document describes `+field-update` as a high-risk `PUT` operation and only recommends, rather than requires, a safe workflow (`+field-get` first, full-state review, explicit confirmation). In an agent skill that may generate write operations automatically, this can lead to accidental destructive schema changes, field reconfiguration, or data-access side effects if the agent issues incomplete or incorrect payloads.

Missing User Warnings

Medium
Confidence: 91%
Finding
The documentation explicitly instructs users to submit form data and local file paths, and states the CLI will automatically upload those files to Base Drive Media, but it does not provide a clear user-facing warning that local files and entered data are being transmitted to remote services. In an agent setting, this increases the risk of unintended exfiltration of sensitive local files or confidential form contents, especially because attachment upload is automated and path-based.

Missing User Warnings

Medium
Confidence: 92%
Finding
This documentation describes a destructive write operation that creates records in bulk, but it does not prominently warn users that the command mutates data and that select fields may implicitly gain new options during import. In an automation or agent setting, that omission increases the chance of unintended data creation, schema drift, and integrity issues because users may treat the command like a harmless import helper rather than a state-changing operation.

Missing User Warnings

Medium
Confidence: 90%
Finding
The workflow guide includes a concrete example that sends lead name, mobile number, company, owner, and record ID to an external CRM endpoint. In a skill whose purpose is to help users build automations, documenting outbound transmission of potentially sensitive business and personal data without an explicit privacy warning, consent check, or data-minimization guidance can lead users to deploy unsafe integrations by default.

VirusTotal

61/61 vendors flagged this skill as clean.
