
Security audit

Feishu Batch Task Creator

Security checks across malware telemetry and agentic risk

Overview

The skill is plausibly useful for bulk task creation, but it needs review: its documented task-management actions can create or change many existing tasks without a clearly bounded user confirmation.

Install it only if you want an agent to create, and potentially update or complete, tasks in the connected task system. Before each run, require a preview that shows the task count, the titles, the destination list or project, the due dates, and any actions on existing tasks (updates or completions), and have the user confirm that exact preview explicitly before the agent writes anything.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Severity: Medium
Confidence: 84%
Finding
The manifest and stated purpose frame the skill as batch task creation, but the quick reference also instructs querying and completing existing tasks. That scope expansion can cause the agent to invoke broader task-management operations than the user reasonably expects, increasing the chance of unauthorized reads or modifications to existing tasks.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding
The trigger conditions are broad enough that ordinary mentions of creating multiple tasks could auto-activate a skill that performs bulk writes. In a write-capable integration, ambiguous activation increases the risk of unintended task creation, especially if the agent proceeds without a strong confirmation step.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding
The skill enables bulk creation of records that affect user data, but it does not warn that execution may create up to hundreds of tasks or modify shared workspace state. Without explicit notice and confirmation, users may underestimate the scope and permanence of the action, leading to accidental mass changes.
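The three findings above share one remedy, which the Overview also recommends: bound the agent to the operations the user actually authorised, show a preview of exactly what will be written, and refuse to write until the user confirms that specific preview. The following Python is an added illustration of such a gate; it is not the skill's own code and does not call the Feishu API. The `FakeTaskClient`, the `ALLOWED_OPERATIONS` set, the `MAX_BATCH` cap of 50 and the sample tasks are all constructed for the example. The confirmation is bound to a hash of the canonical preview, so a plan that changes after the user said yes (more tasks, a different list, an added completion) needs a fresh confirmation.

```python
import hashlib
import json
from dataclasses import dataclass
from typing import List, Optional

# Added illustration of a preview-and-confirm gate for bulk task writes. Not the
# skill's own code; the Feishu API is never called and the client below is a fake.

ALLOWED_OPERATIONS = {"create"}  # assumption: user authorised creation only, not update/complete
MAX_BATCH = 50                   # assumption: per-invocation cap chosen for this example


@dataclass(frozen=True)
class TaskOp:
    op: str                        # "create", "update" or "complete"
    title: str
    target_list: str               # destination list or project
    due: Optional[str] = None      # ISO date or None
    task_id: Optional[str] = None  # only set for operations on existing tasks


def scope_violations(ops: List[TaskOp]) -> List[str]:
    """Return reasons the batch exceeds the authorised scope (empty list means in scope)."""
    reasons = []
    if len(ops) > MAX_BATCH:
        reasons.append(f"batch of {len(ops)} exceeds cap of {MAX_BATCH}")
    for o in ops:
        if o.op not in ALLOWED_OPERATIONS:
            reasons.append(f"{o.op} on {o.task_id or o.title} is outside authorised scope")
    return reasons


def build_preview(ops: List[TaskOp]) -> dict:
    """Summarise exactly what would be written: count, operations, destinations, tasks, completions."""
    return {
        "count": len(ops),
        "operations": sorted({o.op for o in ops}),
        "destinations": sorted({o.target_list for o in ops}),
        "tasks": [[o.op, o.title, o.target_list, o.due, o.task_id] for o in ops],
        "completion_actions": [o.task_id or o.title for o in ops if o.op == "complete"],
    }


def plan_digest(preview: dict) -> str:
    """Short hash over the canonical preview; the user's confirmation must quote it."""
    canonical = json.dumps(preview, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()[:16]


def render_preview(preview: dict) -> str:
    """Human-readable preview the agent must show before asking for confirmation."""
    lines = [
        f"{preview['count']} task(s) will be written; operations: {', '.join(preview['operations'])}",
        f"destination(s): {', '.join(preview['destinations'])}",
    ]
    for op, title, dest, due, _task_id in preview["tasks"]:
        lines.append(f"  - {op}: {title} in {dest}, due {due or 'none'}")
    if preview["completion_actions"]:
        lines.append(f"  completes existing tasks: {', '.join(preview['completion_actions'])}")
    lines.append(f"Reply exactly 'CONFIRM {plan_digest(preview)}' to proceed.")
    return "\n".join(lines)


class FakeTaskClient:
    """Constructed stand-in for the real task API so the example runs offline."""

    def __init__(self):
        self.created = []

    def create_task(self, title, target_list, due):
        self.created.append((title, target_list, due))
        return f"task_{len(self.created)}"


def execute_batch(client, ops: List[TaskOp], confirmation: str):
    """Write only if the batch is in scope and the confirmation is bound to this exact plan.

    Returns ("refused", reasons), ("unconfirmed", digest) or ("written", ids).
    """
    reasons = scope_violations(ops)
    if reasons:
        return "refused", reasons
    digest = plan_digest(build_preview(ops))
    if confirmation.strip() != f"CONFIRM {digest}":
        return "unconfirmed", digest
    ids = [client.create_task(o.title, o.target_list, o.due) for o in ops]
    return "written", ids


if __name__ == "__main__":
    # Constructed input: two creations plus one completion of an existing task.
    ops = [
        TaskOp("create", "Write release notes", "Q3 launch", "2025-09-01"),
        TaskOp("create", "Book demo room", "Q3 launch"),
        TaskOp("complete", "Old ticket", "Q3 launch", task_id="t-123"),
    ]
    client = FakeTaskClient()
    print(execute_batch(client, ops, "CONFIRM anything"))  # refused: completion is out of scope
    creates = ops[:2]
    print(render_preview(build_preview(creates)))
    digest = plan_digest(build_preview(creates))
    print(execute_batch(client, creates, "yes"))                 # unconfirmed: vague consent
    print(execute_batch(client, creates, f"CONFIRM {digest}"))   # written
```

The scope check addresses the first finding (queries, updates and completions are refused unless the user explicitly widens `ALLOWED_OPERATIONS`), the digest-bound confirmation addresses the second (a casual "yes" or a vaguely triggered invocation cannot cause writes), and the rendered preview with its count and cap addresses the third.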

VirusTotal

All 65 VirusTotal vendors returned a clean verdict for this skill (0/65 detections). A clean scan only means the package carries no known-malware signature; it says nothing about the agentic risks in the findings above.
