Feishu Manager

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Feishu workspace manager that discloses its ability to create and edit Feishu content.

Install only if you want an agent to manage Feishu documents, wikis, bitables, and drive folders. Use a dedicated Feishu app, grant only the scopes and workspace access needed, protect the app_secret, and review any create or write request before allowing it to change live workspace data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill prominently documents create/write operations across Feishu documents, wiki pages, bitables, and drive storage without any caution that these actions modify live workspace data. In an agent setting, this increases the likelihood of unintended destructive or unauthorized changes because users and downstream agents are not explicitly prompted to confirm targets, scope, or side effects before performing writes.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal