Feishu Advanced Builder

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built for Feishu automation, but it can modify Feishu workspace content and expose a live access token in ordinary command output.

Install only if you trust the publisher and can use a least-privilege Feishu app. Keep Feishu secrets and tenant tokens out of prompts, shared logs, and transcripts; avoid the get-tenant-token command unless you specifically need it and can protect the output. Verify document, board, table, and folder IDs before running write commands, and do not set FEISHU_BASE_URL unless you control the endpoint.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 94%
Finding:
The description prominently promotes precise writes to and manipulation of Feishu documents, whiteboards, and Bitable rows, including direct block-level and row-level changes, without an explicit warning that it can alter remote user data. In an agent setting, this increases the risk of unintended destructive edits, bulk corruption, or unauthorized modification if invoked with overly broad credentials or ambiguous prompts.

Missing User Warnings

Low
Confidence: 84%
Finding:
The setup section references FEISHU_APP_ID and FEISHU_APP_SECRET but does not warn users to protect these credentials, avoid embedding them in prompts or documents, or store them securely. That omission increases the chance of accidental secret disclosure through chat history, logs, screenshots, or committed files, which could enable unauthorized access to Feishu APIs.

Missing User Warnings

Medium
Confidence: 93%
Finding:
The script performs credential-backed Feishu actions immediately after obtaining a tenant access token, but provides no user-facing confirmation, disclosure, or dry-run barrier before creating whiteboard blocks or modifying board content. In an agent skill context, this increases the risk of silent external side effects, especially if the tool is invoked on untrusted input or without the operator realizing it will mutate tenant resources.

Missing User Warnings

Medium
Confidence: 98%
Finding:
The get-tenant-token command prints the live tenant access token directly to stdout, which can expose credentials through shell history, CI logs, agent transcripts, or downstream tool capture. Because this token authorizes Feishu API access for the tenant, disclosure can enable unauthorized API operations until the token expires.

VirusTotal

63/63 vendors flagged this skill as clean.
