Back to skill

Security audit

lark-file-sender

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Feishu/Lark file-sending skill, but users should confirm the exact file and recipient before sending anything sensitive.

Install only if you want your agent to send selected local files through Feishu/Lark. Before each send, verify the file path, destination user or chat, and message text, especially for invoices, credentials, reports, personal data, or batch sends. Do not treat the generation-command examples as approval to run local code unless you explicitly asked for that generation step.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
85% confidence
Finding
The skill introduces `exec command="python generate_report.py"` as part of a normal workflow even though its purpose is file delivery. That broadens the operational scope from messaging to arbitrary command execution, which could lead an agent to run untrusted or unnecessary local code before sending files, increasing the risk of harmful actions or unintended data exposure.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The skill is scoped to sending files via Feishu, but the example introduces arbitrary command execution (`exec command="python generate_csvs.py ..."`) as part of the workflow. This expands the apparent capability boundary of the skill and can normalize unrelated code execution, increasing the chance an agent will run shell commands without adequate scrutiny or authorization.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger example "Send this file to Feishu" is specific, but the listed automatic-trigger behavior includes broad phrasing such as "Send these documents to the team," which could match ordinary file-sharing requests without sufficient Feishu-specific intent. In an agentic system, overly broad trigger patterns can cause the skill to activate unexpectedly and route files to an external messaging platform, increasing the risk of unintended data disclosure.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README promotes sending arbitrary files to Feishu/Lark but does not mention privacy, confidentiality, or external-sharing implications. Because this skill is specifically designed to transmit files off-platform to users or groups, omission of any warning or consent guidance makes accidental sharing of sensitive documents more likely.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill encourages sending local files to Feishu recipients without warning that this transfers file contents outside the local environment. In an agent setting, missing disclosure and confirmation can cause accidental exfiltration of sensitive documents, credentials, reports, or other private workspace data to external users or group chats.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The examples repeatedly show transferring local workspace files to Feishu users or groups, and one example also includes command execution, without any visible notice about external data transfer, recipient verification, or execution side effects. In an agent setting, this can cause users or downstream systems to underestimate that files are leaving the local environment and being sent to external recipients, creating risk of accidental data exfiltration or unsafe execution.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.