Security audit

doc-review-Auuu

Security checks across malware telemetry and agentic risk

Overview

This Feishu document-review skill is coherent, but it asks for cloud document read/write authority and persistently writes reports and raw document links with limited confirmation or safety controls.

Install only if you want the agent to use your Feishu/Lark account to read documents, create review reports, and maintain a persistent summary table. Test in a non-sensitive workspace first, verify the destination folders and summary table permissions, and avoid using it on confidential documents unless you are comfortable with full links and report content being stored in Feishu.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (13)

Context-Inappropriate Capability

Medium
Confidence: 89%
Finding
The optimization plan explicitly recommends shell-based handling of locally persisted output for oversized documents, including extracting a saved file path and reading it with local utilities like head. That expands the skill's behavior from reviewing user-provided documents to processing arbitrary local file paths emitted by tooling, which creates unnecessary local file access risk and could expose sensitive data if paths are manipulated or if saved outputs contain more than the intended document content.

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The skill goes beyond document review by instructing the agent/user to perform authentication and credential acquisition with `lark-cli auth login` and broad document scopes. This expands the trust boundary from content analysis into account authorization, increasing the chance of unnecessary privilege use, accidental token exposure, or misuse of an authenticated Feishu session.

Missing User Warnings

Medium
Confidence: 82%
Finding
The document instructs the skill to pre-check and then request a bundle of read/write document scopes up front, but does not require a clear user-facing explanation of why each permission is needed or enforce least-privilege selection. In a document-review skill, encouraging one-shot authorization for broad scopes increases the chance of over-granting access to private documents and write capabilities beyond what is strictly necessary for the immediate task.

Missing User Warnings

Medium
Confidence: 91%
Finding
The suggested summary-table management flow reads an existing document, appends a new record, then rewrites the full document in overwrite mode. In a skill whose required deliverables include creating or updating Feishu documents, this can cause unintended modification or destruction of user content if the target document is wrong, parsing fails, or concurrent edits are present, and the markdown provides no explicit confirmation, backup, or warning step.

Missing User Warnings

Medium
Confidence: 90%
Finding
The document instructs the agent to create independent Feishu review reports and states that all documents will be created in the user's Feishu, but it does not require explicit user consent, disclosure of external data transfer, or handling guidance for sensitive content. In a skill that processes user-provided documents and public links, this can lead to unintended export or persistence of confidential material into third-party storage.

Vague Triggers

Medium
Confidence: 83%
Finding
The trigger phrases include broad everyday expressions such as '审查文档' and 'doc review', which can cause accidental invocation in unrelated conversations. In a skill that can read documents and write reports to Feishu, unintended activation may expose user content to processing and trigger unwanted document creation or updates.

Missing User Warnings

Medium
Confidence: 96%
Finding
The prompt explicitly instructs the agent to create a Feishu cloud document, move it into a knowledge-base folder, and record the document link in a summary table, but it does not require explicit user confirmation or a user-visible warning before performing these external write actions. This creates a real risk of unintended data exfiltration, persistence of sensitive review content, or unauthorized modifications to shared organizational documents if the reviewed material contains confidential information.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill instructs the agent to create external Feishu documents and register links in a summary table, but does not require explicit user-facing disclosure or confirmation before those write operations occur. In a document-review context, this is dangerous because user-supplied or sensitive material may be persisted to external systems unexpectedly, creating confidentiality, compliance, and audit-consent risks.

Missing User Warnings

Medium
Confidence: 96%
Finding
This section gives concrete instructions for API-based writes to an external system without mandating user-visible notice, approval, or a least-privilege boundary. Because the skill handles review of potentially confidential external materials, automatic creation and storage of reports and links can leak sensitive content into shared knowledge spaces or logs without the user's informed consent.

Missing User Warnings

Medium
Confidence: 95%
Finding
The prompt directs the agent to create, populate, move, and log a Feishu cloud document containing review output, but it does not require explicit user consent, a disclosure that data will be sent to an external service, or any minimization of document contents before upload. Because the skill accepts arbitrary user-provided document content or links, this can cause unintended exfiltration of sensitive internal or unpublished material into Feishu and related knowledge-base artifacts.

Missing User Warnings

Medium
Confidence: 94%
Finding
The prompt explicitly instructs the agent to create a Feishu document, move it into a knowledge-base folder, and write the resulting link into a summary table, but it does not require explicit user consent or any data-classification/privacy check before sending document-derived content to an external system. Because this skill reviews arbitrary technical documents and may handle internal designs, architecture details, or sensitive business information, it creates a real risk of unintended data exfiltration or oversharing into persistent third-party storage.

Ssd 3

Medium
Confidence: 96%
Finding
The skill requires preserving and rewriting all historical document links and report links in a shared summary table across reviews. This creates a persistent aggregation of potentially sensitive URLs and metadata, increasing the blast radius if the summary document is accessed by unintended parties and violating data minimization principles.

Ssd 3

Medium
Confidence: 97%
Finding
The summary-table design explicitly copies complete original document URLs and AI conversation links into a centralized document. Those links may grant access to confidential documents or reveal sensitive research, customer data, or internal AI conversations, making the summary table a high-value disclosure target.

VirusTotal

67/67 vendors flagged this skill as clean.