Feishu Docs Block-Split Writing (Secure Edition)

Security checks across malware telemetry and agentic risk

Overview

This skill has a legitimate Feishu document-writing purpose, but its automatic triggers are broad enough to write user content to Feishu without clear per-action approval.

Install only if you want the agent to create Feishu documents from conversation content. Configure it to ask before every write, verify the Feishu account, assignee, folder, and sharing settings, and do not rely on the referenced block-writer.py script unless you can review the actual script source.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 95%
Finding
The auto-trigger conditions are broad enough to activate on ordinary user requests, including generic mentions of creating a Feishu document or responses over a size threshold. Because this skill can create remote documents and append content automatically, overly permissive triggering increases the chance of unintended data exfiltration, unintended external side effects, and user-surprising actions without explicit consent.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill does not clearly disclose that it may create a remote Feishu document, upload user content to an external service, assign it by default to a specific account ID, verify after creation, and potentially auto-open Chrome. Missing disclosure undermines informed consent and can lead to privacy, data handling, and unexpected action risks, especially when sensitive conversation content is written out automatically.

Vague Triggers

Medium
Confidence: 94%
Finding
The skill is configured with auto_trigger_enabled set to true, but the manifest provides no trigger phrases, scope restrictions, or other gating metadata to limit when it should run. In an agent environment, this can cause the skill to activate in overly broad contexts, increasing the chance of unintended document writes or misuse without clear user intent.

VirusTotal

64/64 vendors flagged this skill as clean.
