Feishu Workflow CLI

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a normal Feishu/Lark workflow guide, but it also includes direct DingTalk/WeCom messaging commands that conflict with its stated delegation boundary.

Review before installing if you want a Feishu/Lark-only skill. The main Lark workflow guidance is coherent, and VirusTotal/static scans were clean, but the cross-platform messaging examples could cause an agent to send messages through DingTalk or WeCom instead of using the dedicated cross-platform control point.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Description-Behavior Mismatch

Medium

Confidence: 92% confidence
Finding: The skill is presented as a Feishu/Lark orchestration skill, but it embeds a direct `dws ding send` command for DingTalk. This can cause an agent to execute actions outside the declared platform boundary, bypassing expected delegation and increasing the chance of unintended external messaging or policy violations.

Intent-Code Divergence

Medium

Confidence: 94% confidence
Finding: The file tells agents to delegate cross-platform workflows to another skill, but the inline branching example directly invokes a DingTalk command anyway. This contradiction weakens policy boundaries and can mislead an agent into taking unauthorized actions on external platforms instead of routing through the intended control point.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal