Feishu Sheet Reader

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it uses configured Feishu credentials to read Feishu spreadsheet data, with no evidence of hidden persistence, unrelated data access, mutation, or exfiltration.

Install only if you trust the local Feishu app credentials this skill will use. Prefer least-privilege Feishu app permissions, confirm the spreadsheet link and range before reading, and avoid full-sheet reads when the sheet may contain sensitive data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium (88% confidence)

Finding
The skill explicitly instructs the agent to retrieve Feishu app credentials from local configuration, exchange them for a tenant access token, and send spreadsheet contents to Feishu APIs, but it provides no user-facing warning about this external data access flow. This creates a real privacy and consent issue because users may not realize that linked sheet contents and associated authentication material will be used to access third-party data outside the immediate conversation context.

Missing User Warnings

Medium (87% confidence)

Finding
The script silently loads Feishu credentials from a local config file or environment and then uses them to access remote data, without any user-facing disclosure or consent step. In an agent-skill context, hidden credential use is more dangerous because the caller may not realize the skill is authorized to act with local Feishu app privileges.

Missing User Warnings

Medium (90% confidence)

Finding
This code sends app_id and app_secret to Feishu's token endpoint and later uses the resulting bearer token for additional outbound requests, but the skill provides no warning that it will perform authenticated external network operations. In an agent environment, undisclosed authenticated egress increases the risk of unintended data access and token misuse.

VirusTotal

65/65 vendors flagged this skill as clean.