Feishu Notes Bot

Security checks across malware telemetry and agentic risk

Overview

This is a Feishu note-taking integration that clearly centers on sending selected notes to Feishu and storing some notes locally.

Install only if you are comfortable sending selected notes, meeting records, and project content to Feishu and storing some notes locally. Use a dedicated Feishu app, grant only the permissions you need, keep the App Secret private, review Feishu document sharing settings, and inspect any separate helper scripts or gateway service before running them with real credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill explicitly describes syncing notes, meeting records, and project content to Feishu cloud documents, but it does not present a prominent user warning at the point of use that potentially sensitive content will leave the local environment and be stored on a third-party service. This creates a real privacy and data-handling risk because users may submit confidential meeting notes or internal project information without informed consent about remote transmission and storage.

VirusTotal

65/65 vendors flagged this skill as clean.
