ClawHub

Feishu Sheet

Security checks across malware telemetry and agentic risk

Overview

This skill performs Feishu spreadsheet tasks, but it needs Review because its image handling and destructive edit features are broader and less guarded than the metadata makes clear.

Install only if you are comfortable giving this skill Feishu spreadsheet write/delete authority. Use a minimal Feishu app, explicitly account for Drive media upload if using floating images, avoid float_image_url with untrusted URLs, and verify spreadsheet tokens, sheet IDs, and ranges before any overwrite, replace, or delete command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill accepts an arbitrary image URL, downloads it with curl, and then uploads the content into Feishu. That expands the skill from pure spreadsheet operations into general outbound network fetching, creating SSRF-like behavior, unexpected data flows, and the possibility of contacting attacker-controlled hosts from the agent environment.

Scope Creep

High
Confidence
92% confidence
Finding
The code calls the Feishu Drive media upload API to support floating images, but the skill metadata says it only requires sheets:spreadsheet permission. This permission mismatch is dangerous because users and platform policy may believe the skill is limited to spreadsheets while it actually relies on broader Drive functionality and may require additional access than declared.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The documentation includes destructive operations such as delete_sheet, delete_rows, delete_cols, replace, and overwrite-style write commands without any warning, confirmation guidance, or backup recommendation. In an agent setting, this increases the chance of accidental irreversible data loss when the skill is invoked on the wrong spreadsheet or range.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal