Feishu Doc Exporter
Security checks across malware telemetry and agentic risk
Overview
The skill is a plausible Feishu document exporter, but it needs review because it shells out to OpenClaw and can write exported files using unsanitized folder paths.
Install only if you are comfortable granting Feishu document and folder read access. Use a dedicated export directory, test on a small folder first, and avoid relying on advertised PDF/image/incremental features in this version. Review or patch the path handling before exporting folders you do not fully control.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
62/62 vendors flagged this skill as clean.