ClawHub

飞书文档管理器Pro

Security checks across malware telemetry and agentic risk

Overview

This Feishu document skill appears purpose-aligned, but it gives agents examples for clearing or overwriting documents without strong user-confirmation safeguards.

Install only if you are comfortable giving the agent authenticated Feishu document write authority. Before using destructive examples, require the agent to restate the document ID, show what will be deleted or replaced, and get explicit confirmation; prefer append or targeted updates unless full replacement is intentional. VirusTotal was pending and was not used as negative evidence.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The weather-update example expands the skill beyond Feishu document management by invoking an unrelated external service (wttr.in) and then injecting that data into a document. This increases the attack surface and creates an unnecessary data-flow from an external source into enterprise documents without documenting trust, validation, or consent boundaries.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill provides direct instructions for bulk block deletion and document clearing but does not prominently warn that these actions are destructive and may irreversibly remove existing content. In an agent context, this omission makes accidental data loss more likely because deletion is normalized as a routine operation without requiring explicit confirmation safeguards.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The example workflow clears the entire document before writing new content, but it does not warn that running it will overwrite all existing data in the target document. This is dangerous because users may treat it as a harmless update example and unintentionally destroy production content.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal