Feishu Docs API Skill

Security checks across malware telemetry and agentic risk

Overview

This Feishu Docs skill does what it says, but it can delete, overwrite, and share cloud documents without strong safeguards, so users should review it carefully before installing.

Install only with a least-privilege Feishu app, protect FEISHU_APP_SECRET, and avoid granting tenant-wide document access unless required. Before running delete, replace, or share commands, verify the document ID, folder token, recipient, and intended permission, and keep backups or version history for important documents.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding: The skill documents destructive operations such as full document replacement and deletion, but does not warn about irreversibility, confirmation requirements, or backup expectations. In an agent setting, this increases the risk of accidental data loss because a user or higher-level orchestrator may invoke these commands without understanding that content can be overwritten or removed permanently.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding: The `delete` command performs an irreversible destructive action immediately after parsing arguments, with no confirmation prompt, dry-run mode, or force flag. In a CLI that can be driven by users, scripts, or agents, this materially increases the risk of accidental document deletion from typoed IDs, prompt-injection-induced tool use, or automation mistakes.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding: The examples demonstrate commands that create and write remote Feishu documents but do not clearly warn that they perform real state-changing operations. In an agent or automation context, users may run these commands assuming they are illustrative, leading to unintended document creation or modification in production workspaces.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: The documentation instructs users to export FEISHU_APP_ID and FEISHU_APP_SECRET without noting that these are sensitive credentials. In practice, readers may paste real secrets into shell history, screenshots, shared terminals, logs, or example files, increasing the risk of credential exposure and unauthorized API access.

Tool Parameter Abuse

Severity: High
Category: Tool Misuse
Content:
GET    /docx/v1/documents/{document_id}/raw_content          # get document plain text
GET    /docx/v1/documents/{document_id}/blocks               # list document blocks
PATCH  /docx/v1/documents/{document_id}/blocks/{block_id}    # update a block
DELETE /docx/v1/documents/{document_id}/blocks/{block_id}    # delete a block
POST   /docx/v1/documents/{document_id}/blocks/{block_id}/children  # insert child blocks
POST   /docx/v1/documents/blocks/convert                     # Markdown/HTML → blocks
DELETE /drive/v1/files/{file_token}?type=docx                # delete a document
Confidence: 82%
Finding: DELETE /docx/v1/documents/{document_id}/blocks/{block_id}

Tool Parameter Abuse

Severity: High
Category: Tool Misuse
Content:
DELETE /docx/v1/documents/{document_id}/blocks/{block_id}    # delete a block
POST   /docx/v1/documents/{document_id}/blocks/{block_id}/children  # insert child blocks
POST   /docx/v1/documents/blocks/convert                     # Markdown/HTML → blocks
DELETE /drive/v1/files/{file_token}?type=docx                # delete a document
GET    /drive/v1/files?folder_token=xxx                      # list files in a folder
POST   /drive/v1/permissions/{token}/members?type=docx       # add a permission member
GET    /drive/v1/permissions/{token}/members?type=docx       # list permission members
Confidence: 90%
Finding: DELETE /drive/v1/files/{file_token}?type=docx

VirusTotal

66/66 vendors flagged this skill as clean.
