飞书云盘助手 (Feishu Cloud Drive Assistant)

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Feishu cloud-drive automation skill with powerful but purpose-aligned file, sharing, and directory lookup capabilities.

Install only if you need Feishu Drive automation. Use a dedicated Feishu app with the minimum required scopes, protect FEISHU_APP_SECRET, set FEISHU_ROOT_FOLDER_TOKEN to limit the working area, confirm deletes/moves/shares before execution, prefer view or edit over full_access, and treat contact lookup results as sensitive workplace data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch
Medium (83% confidence)

Finding: The skill is presented as a cloud-drive management tool but also documents contact-directory lookup to resolve user identities. That scope expansion can expose employee contact data and enable permission changes on folders for arbitrary users, increasing the blast radius beyond the file operations users may expect.

Intent-Code Divergence
Medium (88% confidence)

Finding: The method documents that the search API requires a user_access_token, but the implementation reuses a tenant_access_token in the Authorization header. This mismatch can lead to broken authorization assumptions, accidental misuse of broader app credentials, and confusing security behavior if callers believe searches are user-scoped when they are not.

Context-Inappropriate Capability
Medium (86% confidence)

Finding: This skill adds directory lookup capability by resolving users from email addresses or mobile numbers, which expands the data-access surface beyond core file management. In an agent context, this can facilitate user enumeration and unintended disclosure of organizational identity data, especially when combined with automated permission sharing.

Missing User Warnings
Medium (91% confidence)

Finding: The delete_file and delete_folder methods perform destructive remote actions immediately, without any built-in confirmation, dry-run mode, or guardrails. In an agent setting, prompt injection, user misunderstanding, or tool misuse could trigger unintended deletion of cloud content.

Missing User Warnings
Medium (92% confidence)

Finding: add_permission grants folder access to other users directly, and create_folder_with_permission automates that flow after resolving identities from contact data. In an agent context this is sensitive because it can silently expand access to private material, causing data leakage or over-sharing without a strong user acknowledgment step.

VirusTotal

66/66 vendors flagged this skill as clean.
