飞书连接问题解决方案

Security checks across malware telemetry and agentic risk

Overview

This documentation-only skill is coherent, but it should be reviewed because it tells users to grant broad Feishu workspace permissions.

Use this as a checklist, not a blanket permission template. Before installing or following it, have a Feishu admin review each scope, avoid batch-importing permissions you do not need, test with a limited app or workspace first, and confirm how the OpenClaw gateway handles message events and logs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Low

Confidence: 90% confidence
Finding: The entire skill documentation is written only in Chinese, and there is no indication that the skill is region-specific or that users may choose another language. Under the policy, forcing a specific language without user opt-in can be a natural-language policy violation.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal