Back to skill

Security audit

Feishu File Operations

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Feishu file/document operations guide; it can send files externally, but that behavior is disclosed and matches the stated purpose.

Before using it, verify the Feishu recipient ID, confirm the file or document is approved for sharing, avoid secrets or personal data unless authorized, and keep app secrets and tokens out of shell history, logs, and chat transcripts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs users to send local files and document links to Feishu but does not warn that doing so may disclose sensitive local data or create broadly accessible cloud documents. In an automation/agent context, omission of sharing safeguards increases the chance of unintended exfiltration of private files, internal documents, or metadata to external recipients.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The token retrieval examples normalize handling app credentials and bearer tokens directly in shell commands without warning about shell history, process listings, logs, or pasted transcripts. This can lead to credential leakage and subsequent unauthorized access to Feishu APIs, including file messaging and document operations.

External Transmission

Medium
Category
Data Exfiltration
Content
-F "file_type=doc" | jq -r '.data.file_key')

# 3. 发送文件
curl -s -X POST "https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=open_id" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d "{\"receive_id\":\"ou_xxx\",\"msg_type\":\"file\",\"content\":\"{\\\"file_key\\\":\\\"$FILE_KEY\\\"}\"}"
Confidence
97% confidence
Finding
curl -s -X POST "https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=open_id" \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.