ClawHub

Feishu Document Permission

Security checks across malware telemetry and agentic risk

Overview

This skill is understandable in purpose, but it includes a live-looking Feishu app secret and can make documents public by link without strong safeguards.

Review before installing. Only use this with Feishu credentials you control, replace the embedded secret with secure user-provided credentials, rotate the exposed secret, require confirmation before changing each document, and avoid logging full document tokens.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The skill embeds a hardcoded Feishu APP_ID and APP_SECRET directly in documentation. Any user or system with access to this skill can reuse those credentials to mint tenant access tokens and interact with Feishu APIs beyond the immediate task, turning the skill file itself into a secret leakage point.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill is explicitly designed to make documents readable by anyone with the link, which changes access scope in a privacy-impacting way. Although this is the stated purpose, the description does not prominently warn users that this may expose sensitive content externally if used on the wrong document.

Missing User Warnings

High
Confidence
99% confidence
Finding
The embedded API example exposes application credentials and normalizes handling secrets in plaintext. This materially increases the chance of credential theft, unauthorized API use, and downstream compromise of Feishu content or administrative operations tied to the app.

Ssd 3

Medium
Confidence
91% confidence
Finding
The skill instructs persistent logging of `DOC_TOKEN` and sharing state into a memory file. Document tokens can function as sensitive identifiers or be combined with shared-link settings to map externally accessible documents, creating avoidable retention and disclosure risk.

Ssd 3

Medium
Confidence
89% confidence
Finding
The checklist reinforces ongoing storage of document tokens and permission states, making sensitive retention part of normal operation rather than an exception. That increases the probability of later leakage through backups, local compromise, or overbroad workspace access.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal