Back to skill

Security audit

飞书自动化工具

Security checks across malware telemetry and agentic risk

Overview

This is a Feishu automation documentation skill with broad but disclosed API examples; it has privacy and token-handling cautions but no hidden execution or malicious behavior.

Install only if you intend to build Feishu automations and can manage app permissions carefully. Grant only the scopes required for your workflow, avoid private-message access unless truly needed, keep App Secret and tenant tokens out of logs, and review any automation that can approve, delete, or modify business records before running it on a schedule.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The skill claims to automate Feishu workflows, but the documentation also instructs enabling inbound/private-message reading capabilities. That materially expands data access into user communications and increases privacy and abuse risk beyond a typical outbound automation scope, especially because no strong justification or consent boundaries are documented.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The example prints the tenant access token directly, normalizing unsafe handling of a live bearer credential. Tokens copied into terminals, logs, screenshots, or shared debug output can be reused to call Feishu APIs with the app's granted permissions.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The document enumerates high-sensitivity permissions including private message reading, calendars, approvals, and directory data without prominent privacy warnings or guardrails. This can lead operators to over-provision access and expose confidential communications, workflow data, and personal information.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.