Back to skill

Security audit

Save Douyin Video To Feishu Drive

Security checks across malware telemetry and agentic risk

Overview

The skill’s main purpose is coherent, but it gives Feishu credential and cloud-upload instructions with weak scoping and persistence guidance that users should review carefully.

Install only if you are comfortable giving the workflow Feishu Drive upload authority. Do not put app_secret, access tokens, or other secrets in TOOLS.md, chat, shell history, or source-controlled files; provide them at runtime through a secure secret mechanism. Confirm the exact minimum Feishu scopes needed for upload before granting permissions, and make sure you are allowed to download and upload the Douyin content into your Feishu workspace.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence
87% confidence
Finding
The documentation tells users to grant only `drive:drive.metadata:readonly` while the workflow explicitly uploads files to Feishu Drive, which requires write-capable permissions. This mismatch is dangerous because it causes operators to misconfigure access, fail unexpectedly, and then broaden permissions ad hoc during troubleshooting without clear least-privilege guidance.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill instructs users to fetch a tenant access token using `app_id` and `app_secret` and then upload externally sourced video content to Feishu, but it does not warn about handling secrets, token exposure in shell history/logs, or privacy implications of transferring third-party content into enterprise storage. In agent or shared-terminal contexts, this increases the risk of credential leakage and unintended data ingestion into organizational systems.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill tells the agent to save a persistent preference to `TOOLS.md` that includes credential-related configuration such as Feishu token acquisition inputs and folder identifiers, without warning against storing secrets. In practice, this can lead to long-lived credentials or sensitive configuration being written into workspace documentation, where they may be exposed to other tools, users, source control, or future prompts.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.