Back to skill

Security audit

Feishu Calendar Conflict Detector

Security checks across malware telemetry and agentic risk

Overview

This is a simple Feishu calendar helper with disclosed availability-checking behavior and no hidden code or persistence, but users should confirm calendar access and event creation.

Install only if you intend to let the agent use Feishu calendar tools. Keep queries limited to named attendees and specific time windows, use it only with appropriate workplace authorization, and require explicit confirmation before creating any calendar event.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The skill is positioned as a calendar conflict detector, but the documentation also instructs the agent to create meetings. This expands the skill from read-oriented availability checking into write/action capability, increasing the chance of unintended meeting creation if the agent follows the broader instructions than the manifest suggests.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases include broad everyday language such as '有没有空', which can match many ordinary conversations and cause the skill to activate when the user did not intend calendar access. In a skill that queries scheduling data for multiple users, unintended invocation can lead to unnecessary exposure of availability information or inappropriate tool use.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The description highlights querying multiple users' free/busy status but does not warn that the skill accesses other users' scheduling information. Without clear disclosure and usage boundaries, users may not understand the privacy implications of checking coworkers' availability, and the agent may normalize access to sensitive calendar metadata.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.