feishu-doc-write

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a normal Feishu/Lark document-writing helper, with the main caution being safe handling of Feishu app credentials.

Install if you intend to let an agent create or update Feishu/Lark documents. Store app_id and app_secret in environment variables or a secret manager, grant the Feishu app only the minimum document scopes needed, and review document targets before allowing writes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 92% confidence
Finding: The skill includes an authentication example that embeds placeholders for `app_id` and `app_secret` but provides no guidance on secure secret handling, storage, or redaction. In a skill intended for automation, this can normalize unsafe practices such as hardcoding secrets in prompts, scripts, logs, or workspace files, increasing the chance of credential leakage.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal