Implementation Project Manager (实施项目经理)

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent Feishu project-management tool, but it exposes a real Feishu app secret and automatically grants broad organization-wide edit access to newly created project sheets.

Do not install this version as-is. The publisher should rotate the exposed Feishu App Secret, remove all hardcoded credentials, require credentials through secure user configuration, and change new-sheet sharing to private or project-team-only by default. Users should only proceed after confirming the Feishu app permissions, target sheets, and any sharing changes are explicit and reversible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (12)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill describes reading, analyzing, and updating Feishu spreadsheets while also exhibiting environment, file read/write, and network capabilities without declaring permissions. This reduces user visibility into the true trust boundary and can enable sensitive actions such as credential use, data exfiltration, or remote modifications without clear consent or policy review.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The documented behavior understates the actual capabilities: beyond reading/updating existing sheets, it can create new Feishu spreadsheets, add worksheets, use embedded Feishu app credentials, and broaden sharing permissions. This mismatch is dangerous because users may authorize a low-risk project-management tool while it performs materially broader actions affecting confidentiality and integrity of project data.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
Automatically setting newly created project sheets to organization-wide editable grants far broader access than necessary for routine project tracking. In this context the sheets may contain budgets, contract status, payment schedules, risks, and change records, so overbroad edit access can lead to unauthorized viewing, tampering, or accidental corruption across the tenant.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The document contains a hardcoded Feishu App Secret in plaintext, which is a real credential exposure. Anyone with access to this file could use the secret to obtain tenant tokens for the self-built app and interact with Feishu resources the app is authorized to access, making this especially dangerous because the skill is designed to read and update project-management data automatically.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The file hardcodes Feishu APP_ID and especially APP_SECRET as fallback defaults in source code. Anyone with code access can recover these credentials and mint tenant access tokens, enabling unauthorized access to Feishu-integrated data and actions; in a project-management skill tied to contracts, payments, and project records, that exposure is particularly sensitive.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The code can create entirely new spreadsheets and then modify their sharing posture, which expands capability beyond the described workflow of reading, analyzing, and updating existing project tables. In an enterprise PM context, this can lead to unauthorized data sprawl and accidental exposure of project or contract data in newly created artifacts without explicit user consent.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The function changes spreadsheet permissions to tenant-editable, meaning anyone in the organization may gain edit access to potentially sensitive project, contract, payment, or risk data. For a project-management skill handling business records, broadening access in this way materially increases the chance of unauthorized modification, data leakage, and integrity loss.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases are broad, common project-management terms that could cause accidental invocation during ordinary conversation. Because this skill can read, analyze, and write to Feishu sheets, unintended activation increases the chance of unauthorized data access or unintended spreadsheet modifications.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill does not clearly warn users that it will automatically change spreadsheet permissions to organization-wide editable. Hidden or insufficiently disclosed permission broadening is dangerous because users may expose sensitive project and financial data to a much wider audience than intended without informed consent.

Missing User Warnings

High
Confidence
99% confidence
Finding
This markdown directly exposes an application secret without any security warning, which constitutes credential leakage rather than mere documentation. Because the skill uses tenant_access_token and broad spreadsheet/document permissions, disclosure of the secret can enable unauthorized access to business documents, project data, and automated write operations.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The document instructs setting all newly created spreadsheets to organization-wide editable access (`tenant_editable`), which weakens least-privilege controls and increases the chance of unauthorized modification or accidental tampering. In the context of project management, these sheets may contain milestones, contracts, payment tracking, and other sensitive operational data, so broad editability materially increases business risk.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script silently broadens sharing permissions during spreadsheet creation without a clear warning or point-of-action confirmation. In this skill's context, where Feishu sheets may contain milestones, payments, contracts, and risk registers, automatic organization-wide edit access can expose sensitive business data and enable unauthorized tampering.

VirusTotal

VirusTotal findings are pending for this skill version.
