ClawHub

Feishu Bitable CRUD

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Feishu Bitable helper that openly teaches expected read and write workflows without hidden code or install-time behavior.

Install this only if you want an agent to work with Feishu Bitable data. Use least-privilege Feishu permissions, grant collaborator access only to intended Bitables, and ask the agent to confirm the target app, table, records, fields, and values before creating or updating anything.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue AgentSelf-Modification, Session Persistence
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly instructs the agent to create and update records in a remote Feishu Bitable, but it does not include guardrails such as requiring explicit user confirmation before writes, warning that actions modify persistent third-party data, or recommending least-privilege usage. In an agent setting, this can lead to unintended or unauthorized modification of business data if the agent acts on ambiguous prompts or prompt-injected content.

Session Persistence

Medium
Category
Rogue Agent
Content
Feishu/Lark Bitable CRUD skill. Teaches your agent to correctly use feishu_bitable_* tools
  for creating, reading, updating records in Feishu Bitable. Handles both /wiki/ and /base/ URL
  formats automatically — resolves wiki node_token to real bitable app_token before any operation.
  Use when: agent needs to read/write Feishu Bitable (multidimensional spreadsheet) data.
metadata:
  clawdbot:
    emoji: "📊"
Confidence
80% confidence
Finding
write Feishu Bitable (multidimensional spreadsheet) data. metadata: clawdbot: emoji: "📊" requires: plugins: ["feishu"] --- # 飞书多维表格 CRUD Skill / Feishu Bitable CRUD 教会 OpenClaw Agent

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal