Back to skill

Security audit

Create a Deep Research Feishu Doc

Security checks across malware telemetry and agentic risk

Overview

The skill has a legitimate research-to-Feishu purpose, but it tells the agent to expose live Feishu tokens and may ask for app secrets in chat.

Review before installing. Use only with a least-privilege Feishu app and non-sensitive target folder, configure credentials through a secure secret store, and do not allow App Secret, tenant access tokens, file tokens, tickets, or document tokens to be printed in chat or logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The skill explicitly requires printing live `tenant_access_token`, `file_token`, `ticket`, `doc_url`, and `doc_token` in user-visible output and logs. These artifacts are not necessary for the user-facing purpose of generating and uploading a report, and exposing them can enable unauthorized access, replay, document discovery, or abuse of the connected Feishu workspace.

Missing User Warnings

High
Confidence
99% confidence
Finding
The skill instructs the agent to expose sensitive Feishu access and document tokens directly in output without any need-to-know restriction or privacy warning. Such disclosures can leak credentials and internal resource handles into chat history, logs, screenshots, or shared transcripts, increasing the chance of account or document compromise.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill says to prompt the user for Feishu App ID and App Secret if config lookup fails, but it gives no secure channel guidance, masking requirement, or warning against entering credentials into ordinary chat. That encourages users to disclose long-lived secrets in a potentially logged conversational interface.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill automates uploading generated research content to Feishu without warning the user that potentially sensitive research data will be transmitted to a third-party service and stored there. In contexts like investment, competitive, or technical research, this can unintentionally exfiltrate confidential or regulated information outside the user's intended boundary.

Ssd 3

High
Confidence
99% confidence
Finding
The skill instructs plain-language disclosure of sensitive access artifacts and operational secrets during execution. Because these values can grant or facilitate access to APIs and documents, exposing them in status output creates a direct secret-handling failure and enlarges the blast radius to anyone with access to the transcript or logs.

Ssd 3

High
Confidence
97% confidence
Finding
The example transcript includes full live-looking token and document identifiers, normalizing unsafe disclosure and making downstream implementations more likely to copy the behavior. Even if the sample values are illustrative, publishing realistic secret formats in examples encourages leakage of real credentials and internal document handles during actual runs.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.