ClawHub

Feishu Bitable Attachment

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it can move files into Feishu and change Bitable records with weak safety controls.

Install only if you trust the publisher and will use a least-privileged Feishu app. Confirm the exact app_token, table, field, record, source file or URL, and append setting before each run; avoid URL mode for untrusted or internal addresses, and treat replace/create operations as record-changing actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill supports both appending to existing attachment fields and replacing them, and can also create new records, but the description does not prominently warn that it can modify or overwrite Bitable data. In practice, a user could unintentionally destroy or alter records by using replace mode or create/update flows without understanding the write impact.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill accepts arbitrary URLs as a source, downloads their content, and then uploads that content to Feishu, but the description lacks an explicit privacy/network warning. This increases the risk of unintended data transfer, SSRF-like internal resource access if untrusted URLs are allowed, and silent movement of sensitive content from external or internal locations into a collaboration platform.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The instruction 'When triggered, you should' defines powerful side effects—downloading files, uploading them to Feishu, and updating or creating records—without clear invocation constraints, confirmation requirements, or scope limits. In an agent setting, broad activation criteria increase the chance that the skill is invoked for loosely related requests and performs unintended external actions or data writes.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The manifest advertises the ability to read local files, download from arbitrary URLs, retrieve Feishu message attachments, and then upload/update Bitable records, but it provides no user-facing disclosure or consent step for data transfer and modification. This creates a real risk of silent exfiltration, unintended ingestion of sensitive local or message content, and unauthorized record changes, especially because the skill bridges multiple data sources into an external system.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal