Article to Feishu

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed article-to-Feishu converter, with expected network fetching, image downloads, and Feishu document writes, but users should avoid sensitive URLs.

Install only if you are comfortable letting the agent fetch article pages, download article images, and create or update Feishu documents. Do not use it with private pages, confidential articles, internal links, or URLs containing sensitive tokens unless sending that URL/content through the documented retrieval path, including Jina Reader in some cases, is acceptable.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Tp4

High

Category: MCP Tool Poisoning
Confidence: 89% confidence
Finding: The skill claims broad article-to-Feishu conversion support, but the implementation described relies on undeclared third-party retrieval via Jina AI Reader and only partially implements the advertised workflow. This mismatch can mislead users and agents into sending article URLs and content to external services or assuming Feishu actions are performed locally when they are not, creating data handling and trust-boundary risks.

VirusTotal

44/44 vendors flagged this skill as clean.

View on VirusTotal