Google Docs to Feishu

Security checks across malware telemetry and agentic risk

Overview

This skill has a clear document-copy purpose, but its script builds unsafe shell commands from document and user-controlled values while storing reusable Google OAuth tokens locally.

Review or patch the script before installing. Use only with documents intended for Feishu, verify the destination folder and owner, protect or revoke the saved Google token when finished, and avoid running the current version on documents whose titles or contents may contain shell metacharacters.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
83% confidence
Finding
The skill appears to rely on environment and shell capabilities while declaring no permissions, which undermines least-privilege controls and makes it harder for users or the platform to understand what the skill can actually do. In a skill that handles OAuth credentials and writes documents to an external service, undeclared execution capabilities increase the risk of unauthorized command execution, secret access, or broader system interaction than expected.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill invokes shell commands with execSync to open a browser and to call the OpenClaw feishu_doc tool, which expands its capability from document conversion into OS command execution. Because user-influenced values like title, folderToken, ownerOpenId, and doc_token are interpolated into shell command strings without robust escaping, a crafted document title or argument could trigger command injection.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The activation phrases are broad enough that the skill may trigger on general references to Google Docs or Feishu migration without a clear confirmation step. Because this skill reads from Google Docs and creates or writes Feishu documents, unintended invocation could cause external data transfer or document creation when the user did not mean to authorize that action.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill documentation does not prominently warn that it will read document content from Google Docs and create/write a new document in Feishu, which can mislead users about the sensitivity of the operation. In this context, insufficient disclosure is risky because the action transfers potentially sensitive content across services and may change data ownership, sharing, or storage location.

VirusTotal

64/64 vendors flagged this skill as clean.
