ClawHub

Feishu Sheet Links

Security checks across malware telemetry and agentic risk

Overview

The skill largely does what it claims, but it needs review because it can reuse an existing logged-in Chrome debugging session and has under-scoped local write behavior.

Review before installing. Use it only with Feishu documents and extracted links you trust, avoid running it while a logged-in Chrome remote-debugging session is open unless you intend that session to be used, and choose a low-risk output folder. Review extracted URLs before batch download because they will be opened in Chrome and saved locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill invokes external scripts via `npx -y bun`, accesses environment variables, and performs network operations against Feishu/linked articles, but it does not declare permissions or clearly scope those capabilities. This creates a transparency and trust problem: users and enforcement layers cannot readily evaluate that the skill will execute code, access local environment configuration, and fetch remote content.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The code actively probes common localhost Chrome DevTools ports and attaches to any already-running browser exposing a debugging endpoint. In this skill’s context, that can silently inherit an existing user-authenticated browsing session, allowing access to open tabs, cookies-backed content, and privileged Feishu data without launching an isolated browser instance.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
Runtime.evaluate enables execution of arbitrary JavaScript inside the controlled browser session, which is inherently powerful and can read page contents, interact with authenticated documents, and exfiltrate data if misused. In a Feishu scraping/downloading skill, this capability is expected for automation, but it still materially increases risk because any unsafe expression source or future extension could turn it into arbitrary browser-side code execution against sensitive content.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The skill writes `feishu-links.json` to the working directory by default and can batch-download many Markdown files, but this side effect is not prominently disclosed before execution. That can lead to unexpected local data creation, disk usage, and persistence of scraped content, especially when users may assume the action is purely analytical or preview-only.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal