Feishu Sheets (Fixed)

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it connects to Feishu Sheets to create, read, edit, append, and delete spreadsheet content, with no hidden persistence or unrelated behavior found.

Install this only for workflows where the agent should be allowed to access Feishu Sheets. Use a dedicated Feishu app with the narrowest scopes needed, prefer read-only credentials when editing is not required, and confirm spreadsheet tokens, sheet IDs, ranges, and delete actions before allowing writes or deletions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill documents destructive operations such as write, append, delete_dimension, and delete_sheet without any warning, confirmation requirement, or guidance on safe use. In an agent context, this increases the chance of accidental or prompt-induced modification or deletion of business data, especially because spreadsheet tokens and sheet IDs are sufficient to target existing documents.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal