Feishu Sheets Skill

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Feishu Sheets integration that can read, write, and delete spreadsheet content when given Feishu credentials and sheet identifiers.

Install only if you want an agent to operate Feishu Sheets with your Feishu app credentials. Use a dedicated app with the minimum read/write scopes needed, protect FEISHU_APP_ID and FEISHU_APP_SECRET, and manually confirm the spreadsheet, sheet, and range before running write or delete actions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill documents destructive actions such as deleting rows/columns and deleting worksheets without any requirement or guidance for confirmation, preview, or scope validation. In an agent context, this increases the risk of accidental or prompt-induced data loss, especially because spreadsheet tokens and sheet IDs can be acted on directly once provided.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal