Back to skill
Skillv1.0.0
VirusTotal security
ri · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:06 AM
- Hash
- 20fbe70d6f2966206998657e2f90831f10bd33cf07cff86fe829323e2973df54
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: ka Version: 1.0.0 The feishu-doc skill provides comprehensive document management capabilities, but it includes high-risk actions in SKILL.md such as 'upload_file' and 'upload_image' that accept a 'file_path' parameter. This allows the agent to read arbitrary local files and upload them to the Feishu platform, creating a potential vector for data exfiltration if the agent is manipulated via prompt injection. While these features are plausibly needed for the stated purpose, the lack of path restrictions or sanitization is a significant security risk.
- External report
- View on VirusTotal