Security audit

XiaxiaBao Doc Manager

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Feishu document-management skill, but it defaults to backing up sensitive local OpenClaw memory/config files into Feishu and cleaning old backups with limited safeguards.

Install only if you want this skill to manage Feishu documents and you are prepared to review its backup behavior. Before use, replace all Feishu IDs, remove or tightly restrict the MEMORY.md/openclaw.json backup sources, avoid reading other skills' configs, and require confirmation before scheduled backups, archive moves, or retention cleanup run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Context-Inappropriate Capability

Severity: High
Confidence: 96%
Finding:
The skill explicitly backs up local host files such as `/root/.openclaw/workspace/MEMORY.md` and `/root/.openclaw/openclaw.json` into Feishu documents. That expands a document-management skill into host-file exfiltration of potentially sensitive memory, configuration, tokens, and operational data, which is not necessary for normal document organization and creates a clear confidentiality risk.

Context-Inappropriate Capability

Severity: Medium
Confidence: 88%
Finding:
The integration note states this skill can read another system's configuration to obtain Feishu document metadata/token context for backups. Cross-skill access to another component's stored configuration violates least privilege and can expose secrets or enable unauthorized actions beyond the document manager's intended scope.

Missing User Warnings

Severity: Medium
Confidence: 82%
Finding:
The README explicitly advertises automatic cleanup of old backups but does not clearly warn users that data will be deleted once retention limits are exceeded. In a document-management and backup skill, silent or poorly signposted deletion behavior can cause unintended data loss, especially if users assume backups are append-only or recoverable.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The skill describes automatic upload of local files to Feishu without any user-facing warning that sensitive local data may be transmitted to an external document platform. This lack of notice and consent increases the chance of accidental disclosure of private memory, configs, or embedded credentials.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding:
The skill automatically deletes old backup copies based on `maxCopies` but does not warn users that historical backups will be removed. This can cause unexpected data loss and can hinder recovery, auditing, or incident response if older snapshots are needed.

Ssd 3

Severity: High
Confidence: 97%
Finding:
The backup workflow semantically directs the system to read sensitive local memory/config files, convert them into Feishu documents, and index them in wiki/bitable. This is effectively recurring publication of internal operational data into broader document storage, greatly increasing exposure to anyone with access to those Feishu resources.

Ssd 3

Severity: High
Confidence: 98%
Finding:
The configuration explicitly defines recurring backups of `MEMORY.md` and `openclaw.json`, making exposure of sensitive content a built-in feature rather than an incidental side effect. Because these files commonly contain internal context, settings, and possibly credentials or identifiers, scheduled publication to Feishu materially raises the risk of data leakage.

Ssd 3

Severity: Medium
Confidence: 87%
Finding:
The integration note indicates this skill may read another system's stored Feishu token/context to perform backups. That encourages cross-component access to sensitive configuration data and can enable privilege expansion or secret exposure if one component is compromised or misused.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.