Back to plugin

Security audit

Feishu/Lark

Security checks across malware telemetry and agentic risk

Overview

This official Feishu/Lark integration exposes powerful but disclosed document, drive, wiki, and permission tools with no artifact evidence of hidden or malicious behavior.

Install only if you want OpenClaw agents to operate inside Feishu/Lark. Use least-privilege Feishu app scopes, keep the permission tool disabled unless needed, confirm destructive edits or deletes before allowing them, and treat local file upload as sending that file to Feishu.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The skill explicitly supports uploading from arbitrary remote URLs and local file paths, which expands it beyond simple Feishu document editing into network fetching and local filesystem access. In an agent setting, this can enable unintended exfiltration of local files or transmission of sensitive content into Feishu if a user prompt or downstream instruction causes the tool to read from local paths or fetch attacker-controlled URLs.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The activation text includes broad phrases like 'cloud docs' and 'docx links,' which may cause the skill to activate for generic document-related requests outside the user's intent to use Feishu. Over-broad activation increases the chance that a powerful read/write skill is invoked unnecessarily, raising the risk of accidental data access or modification.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill documents destructive operations such as full-document replacement, block deletion, and content updates without emphasizing confirmation or warning requirements. In context, this is more dangerous because the skill is designed for direct document manipulation, so accidental or ambiguous invocations could overwrite or delete user content irreversibly.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The local file upload feature describes reading arbitrary local paths and sending the contents to Feishu without any warning about filesystem access or data transmission. This is dangerous in an agent environment because users may not realize that a simple document request could cause sensitive local files to be accessed and exfiltrated to an external service.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The document gives operational guidance for deleting multiple blocks but does not warn that deletion is destructive and may permanently remove user content if used incorrectly. In a skill that performs live read/write operations on Feishu documents, this omission increases the chance that an agent or user will carry out bulk deletions without confirmation, backup, or scope validation.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The activation description uses broad terms like 'cloud space', 'folders', and 'drive', which are common in many benign conversations and can cause unintended invocation of a skill with file-management capabilities. Because this skill supports listing, moving, creating, and deleting files, accidental activation increases the chance of unintended data access or destructive actions, especially if downstream agent behavior chains directly into tool use.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill documents destructive operations like move and delete but provides no explicit confirmation, warning, or safety guidance before executing them. In an agent setting, this creates a real risk of accidental or prompt-induced file modification or deletion, and the risk is elevated because the documented permission model includes full drive access (`drive:drive`) and access to shared folders containing real user data.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The activation description uses broad phrases like 'sharing, permissions, collaborators,' which can match many routine enterprise conversations and cause the skill to activate when the user did not explicitly request permission changes. In this skill's context, unintended invocation is more dangerous than usual because the exposed tool can modify access control on documents and files, including granting full_access to users, groups, or departments.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The activation description is broad enough to trigger on common terms like 'knowledge base', 'wiki', or 'wiki links', which can cause the skill to activate in conversations where the user did not intend Feishu operations. Because the skill exposes both read and write wiki capabilities, accidental activation increases the chance of unintended data access or modification if an agent proceeds without strong confirmation.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill documents create, move, rename, and wiki-to-doc write workflows without embedding user-facing safety checks or warnings around destructive or state-changing operations. In an agent setting, this makes it easier for the tool to modify knowledge-base structure or content based on ambiguous prompts, increasing the risk of unauthorized edits, accidental moves, or data integrity issues.

VirusTotal

61/61 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.