Back to skill

Security audit

网页搜索整理到飞书多维表格知识库

Security checks across malware telemetry and agentic risk

Overview

This skill transparently searches the web and writes organized results into Feishu Bitable, with no hidden code or unrelated behavior found.

Install this only if you want an agent to use your Feishu authorization to create or append Bitable records from web search results. For important workspaces, ask the agent to preview the target app/table and rows before importing, and verify generated summaries before relying on them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly states it will automatically create a Feishu Bitable if one does not exist or append records if it does, but it does not clearly warn that it will modify remote user data in the user's Feishu workspace. This can lead to unintended writes, unexpected creation of shared assets, and privacy or integrity issues if users do not realize the action is state-changing.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.