飞书任务Bot身份

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Feishu/Lark task bot skill that reads app credentials to call Feishu APIs, with no hidden installer, persistence, or unrelated behavior found.

Install only if you trust the publisher with Feishu app-level credentials. Use least-privilege Feishu scopes, avoid granting task write permission unless you actually need future write features, and review the referenced lark-shared skill before relying on its authentication guidance.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 83% confidence
Finding: The skill declares that it requires sensitive environment variables and performs direct API calls, but it does not declare explicit permissions despite having env and network capabilities. This weakens policy enforcement and user awareness, making it easier for a skill to access credentials and external services without clear consent boundaries.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal