feishu-task-integration-skill

Security checks across malware telemetry and agentic risk

Overview

This Feishu todo-sync skill mostly matches its stated purpose, but it can share and mutate task data with under-scoped users and credentials.

Install only if you intend to grant a Feishu app task read/write and member-management access. Before use, remove the hardcoded user ID, replace /home/gary paths with user-controlled paths, verify exactly who will be assigned or added as followers, avoid logging full API payloads, and do not put sensitive task text into todos unless external Feishu sync and local persistence are acceptable.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (10)

Description-Behavior Mismatch

Medium

Confidence: 93% confidence
Finding: The task-listing methods accept a user_id parameter but do not use it, instead retrieving tasks broadly from the generic task API and filtering only by completion state. In a multi-user or shared-tenant context, this can expose tasks unrelated to the intended user, causing unauthorized data disclosure and confusing sync behavior.

Description-Behavior Mismatch

Medium

Confidence: 96% confidence
Finding: The code hardcodes specific user IDs and automatically adds them as followers/assignees to created tasks. This can leak task contents and metadata to unintended users and causes unauthorized task assignment or monitoring without per-task user consent.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The usage examples show local todo and done commands, but the documentation does not prominently warn that creating or completing tasks triggers automatic synchronization to Feishu. In this context, omission is risky because routine local task actions may unintentionally disclose task content, deadlines, and completion status to an external platform.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The configuration section instructs users to place an App Secret in a local JSON file but gives no guidance on secure storage, access controls, rotation, or avoiding accidental commits. Because this secret enables API access to Feishu, poor handling can lead to credential leakage, unauthorized task operations, and broader compromise of integrated workspace data.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The guide explicitly recommends recording complete API requests and responses, which can expose Bearer tenant_access_token values, task contents, user identifiers, and other sensitive metadata in logs. In a task-integration skill, logs are often broadly accessible to operators or retained centrally, so this guidance increases the risk of credential leakage and unauthorized access to Feishu task data.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The documentation instructs users to validate configuration by creating a real test task in Feishu, which performs a state-changing action against an external system. Without an explicit warning that this will create live data and may notify assignees or pollute production task lists, users may unintentionally modify real organizational data during setup or testing.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The complete_task function performs an irreversible remote state change against the Feishu API without any confirmation, dry-run mode, or secondary validation. In an agent skill context, this increases the chance that a mistaken invocation, malformed task ID, or prompt-driven action silently marks tasks complete and disrupts workflow integrity.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The code sends raw todo content to the Feishu Task API via add_to_feishu_task() immediately after local task creation, but the user-facing responses do not clearly disclose that task text will be transmitted to a third-party service. Todo items often contain sensitive work or personal details, so silent external synchronization can unintentionally leak private information.

Missing User Warnings

Low

Confidence: 84% confidence
Finding: The handler persists todo data to /home/gary/.openclaw/workspace/todo_data.json without any user-visible notice or consent flow. While local storage is common, undisclosed persistence can expose sensitive task content to other local users, backups, or later compromise of the host.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The handler sends raw task content and derived metadata to Feishu's external API, but the code provides no user-facing notice, consent flow, or configuration guard at the point of transmission. Because todo text may contain sensitive personal or business information, this creates a privacy and data-governance risk rather than a code-execution flaw.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal