ClawHub
Back to skill

Security audit

feishu-bitable-architect

Security checks across malware telemetry and agentic risk

Overview

This markdown-only skill helps design Feishu Bitable table structures and is coherent with its stated purpose, though its trigger examples are broad enough that users should confirm intent before creating tables.

Install this if you want business-management requests turned into Feishu Bitable schema plans. For vague requests, confirm that you actually want a Feishu table design, and review the proposed fields, automations, and downstream creation step before letting another agent build anything in your workspace.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger phrases are broad enough to overlap with ordinary conversation, increasing the chance that the skill activates outside the user's real intent. In an agent environment, accidental activation can cause inappropriate collection of business details, unwanted workflow hijacking, or downstream action proposals that the user did not mean to initiate.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The quick-start trigger example lacks contextual constraints and does not define when the skill should stay inactive. This makes misrouting more likely, especially in multi-skill systems where a generic phrase like '帮我搭建一个客户管理系统' could trigger planning behavior during exploratory discussion and lead to unintended downstream operations by the host agent.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.