Feishu File Sending Skill (Secure Edition)
Security checks across malware telemetry and agentic risk
Overview
This skill appears intended to send chosen files to Feishu, but needs review because the package does not include the scripts it tells users to run, so credentials and files would be handled by unreviewed external code.
Install only after reviewing the exact external repository and scripts you will run. Use a dedicated least-privilege Feishu app, prefer environment variables over config files, verify the recipient and file before sending, and avoid giving real app secrets to unpinned or unreviewed scripts.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
- Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
- Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
- Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
62/62 vendors flagged this skill as clean.
