Security audit

Feishu Docx Cli

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Feishu document-management tool, but it can overwrite documents, upload chosen files, and change sharing permissions.

Install only if you want an agent to manage Feishu documents through your configured Feishu app. Use least-privilege Feishu app permissions, verify document tokens and member IDs before running commands, and keep backups or version history before using overwrite or permission-change operations.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (7)

Context-Inappropriate Capability

Low

Confidence: 76% confidence
Finding: The reference to a local workspace file outside the stated Feishu-document purpose expands the skill's apparent trust boundary and may encourage agents to access unrelated local data. Even as documentation, pointing to an internal path like /root/.openclaw/workspace/TOOLS.md creates an unnecessary linkage to local filesystem content that could expose sensitive context or normalize off-scope file access.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The documentation promotes write/overwrite behavior and later shows delete-based implementation details without warning that these actions can irreversibly replace existing document content. In an agent setting, omission of destructive-action warnings increases the risk of accidental data loss because users may assume 'write' is additive or safely reversible.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The permission-management examples encourage adding and removing collaborator access without warning that these changes can expose documents to unauthorized users or revoke legitimate access. Because the tool handles direct ACL changes, lack of cautionary guidance materially raises the chance of confidentiality and availability mistakes.

Missing User Warnings

High

Confidence: 95% confidence
Finding: The write operation replaces all document contents by first deleting existing blocks, but the CLI provides no confirmation, dry-run, or explicit destructive-operation warning. In a document-management skill, this makes accidental irreversible data loss far more likely, especially if the wrong doc_token or file is supplied.

Missing User Warnings

High

Confidence: 95% confidence
Finding: The helper performs batch deletion of document blocks silently and is invoked as part of overwrite behavior, with no disclosure or opportunity to review what will be removed. This increases the chance of unintended mass deletion and compounds the risk of destructive data loss in a tool that manages live collaborative documents.

Missing User Warnings

High

Confidence: 94% confidence
Finding: The write command deletes existing document children and replaces them with converted blocks without any confirmation, backup, or safe-guard. In an agent/automation context, a mistaken doc_token, prompt injection, or operator error can irreversibly destroy document contents at scale.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The permissions command can add or remove collaborators, including full_access, with no explicit confirmation or review step. In an automated agent setting, misuse can silently grant unauthorized access or revoke legitimate access, causing confidentiality and integrity issues for shared documents.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.