ClawHub

飞书文档API对接

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built for Feishu automation, but it can change or delete cloud document/business data and persist OAuth tokens with limited enforced safeguards.

Install only if you are comfortable granting this skill access to Feishu documents, sheets, Base records, Drive metadata, and IM actions. Use the narrowest Feishu app scopes possible, avoid shared token files unless needed, rotate/revoke tokens when done, and require an explicit read/backup/confirmation step before replace, delete, sheet replace, Base update, or message-send operations.

Publisher note

只需要你 1、输入飞书bot的id和key 2、授权bot文档权限 就可以实现让openclaw帮你创建在线文档 支持:在线文档、多维表格、在线sheet等云盘相关能力。 Just you 1、Enter the Feishu bot's ID and key 2、Authorize the bot's document permissions You can then use OpenClaw to help you create online documents Support: Online documents, multi-dimensional tables, online sheets, and other cloud disk-related capabilities.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill describes and enables capabilities including environment access, file read/write, shell execution, and network access, but does not declare permissions or constrain how those capabilities should be authorized. In an agent setting, undeclared high-privilege capabilities reduce transparency and can lead to over-broad execution against local secrets, files, or external services without clear policy boundaries.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
This service exposes bulk document-block deletion and section replacement logic that can remove content without any built-in confirmation, dry-run, safeguard, or revision precondition. In an agent skill that can act on user documents, a mistaken target heading, stale document structure, or unsafe upstream prompt/tool invocation could cause irreversible or hard-to-recover content loss.

Session Persistence

Medium
Category
Rogue Agent
Content
## Safety Rules

- Never print `.env`, app secrets, user access tokens, refresh tokens, or webhook secrets.
- Before write operations, identify whether the call uses a user token or tenant/app token.
- Treat `expires_in` and `refresh_token_expires_in` returned by Feishu as the source of truth. Do not hard-code token lifetimes.
- `refresh_token` is single-use. After any refresh, immediately persist both the new `FEISHU_USER_ACCESS_TOKEN` and the new `FEISHU_USER_REFRESH_TOKEN`.
- New cloud resources must be user-owned by default. For doc creation, prefer `FEISHU_USER_ACCESS_TOKEN`; only use app-owned creation when the user explicitly accepts that limitation.
Confidence
78% confidence
Finding
write operations, identify whether the call uses a user token or tenant/app token. - Treat `expires_in` and `refresh_token_expires_in` returned by Feishu as the source of truth. Do not hard-code token

Unpinned Dependencies

Low
Category
Supply Chain
Content
lark-oapi>=1.4.18
python-dotenv>=1.0.1
Confidence
92% confidence
Finding
lark-oapi>=1.4.18

Unpinned Dependencies

Low
Category
Supply Chain
Content
lark-oapi>=1.4.18
python-dotenv>=1.0.1
Confidence
96% confidence
Finding
python-dotenv>=1.0.1

Known Vulnerable Dependency: python-dotenv — 1 advisory(ies): CVE-2026-28684 (python-dotenv: Symlink following in set_key allows arbitrary file overwrite via )

Low
Category
Supply Chain
Confidence
84% confidence
Finding
python-dotenv

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal