Back to skill

Security audit

Feishu Knowledge Ingest

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local document-ingestion helper with dependency and capability-limit cautions, but no evidence of hidden, destructive, or exfiltrating behavior.

Install only if you understand that this version is mainly a local parsing skeleton, not a complete Feishu connector. Review generated outputs before importing them into memory or sharing them, avoid broad sensitive input directories, and pin vetted python-docx and pypdf versions with file-size/time limits when processing untrusted documents.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Tp4

High
Category
MCP Tool Poisoning
Confidence
89% confidence
Finding
The skill claims to ingest Feishu folders and shared attachments, but the analyzed behavior reportedly only processes a local input directory and lacks Feishu integration. This mismatch can mislead operators into trusting that data came from Feishu when it may instead come from arbitrary local files, creating provenance confusion, incorrect security assumptions, and possible unintended ingestion of the wrong data set.

Unpinned Dependencies

Low
Category
Supply Chain
Content
python-docx
pypdf
Confidence
98% confidence
Finding
python-docx

Unpinned Dependencies

Low
Category
Supply Chain
Content
python-docx
pypdf
Confidence
98% confidence
Finding
pypdf

Known Vulnerable Dependency: python-docx — 2 advisory(ies): CVE-2016-5851 (Improper Restriction of XML External Entity Reference in python-docx); CVE-2016-5851 (python-docx before 0.8.6 allows context-dependent attackers to conduct XML Exter)

High
Category
Supply Chain
Confidence
99% confidence
Finding
python-docx

Known Vulnerable Dependency: pypdf — 10 advisory(ies): CVE-2026-24688 (pypdf has possible Infinite Loop when processing outlines/bookmarks); CVE-2026-27628 (pypdf has a possible infinite loop when loading circular /Prev entries in cross-); CVE-2026-40260 (pypdf: Manipulated XMP metadata entity declarations can exhaust RAM) +7 more

Low
Category
Supply Chain
Confidence
94% confidence
Finding
pypdf

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.