ClawHub

Feishu Automation

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Feishu automation toolkit with broad but purpose-aligned document, wiki, table, and backup workflows.

Install only if you are comfortable granting Feishu automation access to the relevant documents, wikis, bitables, and drive folders. Use the narrowest Feishu app scopes possible, run dry-run modes first, avoid broad folder tokens until tested, and keep real app secrets in environment variables or a secret manager rather than checked-in config files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill advertises operational scripts that read and write local files and Feishu content, but it does not declare any permissions or clearly bound those capabilities. This creates a transparency and governance gap: users and the host system may not realize the skill can copy, modify, or export content, increasing the chance of unintended data access or destructive changes.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill description emphasizes backup, migration, synchronization, and report generation across documents, wikis, bitables, and cloud storage, but it provides no explicit warning that these workflows may duplicate, move, or overwrite organizational content. In a Feishu automation context, this is risky because users may trigger broad cross-app actions affecting sensitive business data without understanding the modification and exfiltration implications.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The quick-start example immediately shows a batch update command against a folder token without warning that it can mass-edit multiple documents. That makes unsafe use more likely, especially for copy-pasted commands, and could cause widespread unintended document changes if run against the wrong folder or template.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The migration workflow includes listing documents, converting content, creating replacements, and rewriting internal links, but it omits warnings about data movement, broken references, and accidental duplication or overwrite. In a knowledge-management environment, link rewrites and cross-space migration can propagate errors broadly and may expose or misplace sensitive content.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The configuration example shows `app_secret` directly in a YAML file, which can normalize insecure secret handling and lead users to store credentials in checked-in config files. In an automation skill for Feishu, these credentials may grant broad access to documents, wikis, bitables, and storage, so accidental disclosure could enable unauthorized API access and data exfiltration.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal