ClawHub

Feishu Bitable API

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Feishu Bitable management skill, but it can change or delete live workspace data.

Install only if you want an agent or CLI to manage Feishu Bitable data. Use a least-privilege Feishu app, protect FEISHU_APP_SECRET and .env files, review any @file JSON path before use, and require your own explicit confirmation before update, delete, or batch operations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
parseJsonInput accepts user-controlled strings beginning with '@' and reads the referenced local file without any path restrictions. In an agent skill, this creates a local file read primitive that can expose secrets, tokens, SSH keys, or other sensitive files unrelated to the Feishu Bitable API purpose, especially if untrusted users can influence tool arguments.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill advertises create, update, delete, and batch-delete capabilities without warning that these operations can irreversibly alter or destroy user data. In an autonomous or semi-autonomous agent workflow, omission of destructive-operation warnings can lead to unsafe execution without confirmation, backups, or rollback planning.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation instructs users to configure FEISHU_APP_ID and FEISHU_APP_SECRET but provides no warning that the secret is sensitive authentication material. This increases the risk that users place credentials directly in shell history, shared terminals, screenshots, logs, or repository files, enabling account or API abuse if exposed.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The CLI performs record deletion immediately with no confirmation prompt, dry-run mode, or explicit force flag. In an agent or scripted context, this increases the risk of accidental or malformed input causing irreversible data loss in connected Bitable tables.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill prominently advertises destructive operations such as deleting tables and records but does not warn users about irreversibility, confirmation requirements, or backup expectations. In an agent/automation context, this increases the chance of accidental destructive actions and user misunderstanding, which can lead to preventable data loss.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The description encourages use of Feishu application credentials and remote data operations without any privacy or security guidance on handling secrets, access scopes, logging, or data transmission risks. Users may store credentials insecurely or expose sensitive business data through misconfiguration, especially when integrating the skill into automated workflows.

Known Vulnerable Dependency: axios==1.6.0 — 10 advisory(ies): CVE-2025-62718 (Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF); CVE-2026-42044 (Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `pars); CVE-2026-25639 (Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig) +7 more

High
Category
Supply Chain
Confidence
98% confidence
Finding
axios==1.6.0

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal