Feishu Sheets

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Feishu Sheets integration that can read, write, and delete spreadsheet content, so it should be used with scoped credentials and care.

Install only if you want the agent to operate on Feishu Sheets. Use a least-privileged Feishu app, limit document access where possible, and review exact spreadsheet tokens, sheet IDs, ranges, and delete requests before allowing changes.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill documents destructive operations such as deleting rows/columns and deleting worksheets without any warning, confirmation requirement, or guidance to verify targets before execution. In a spreadsheet-management context, this increases the risk of accidental or socially engineered data loss because an agent may perform irreversible modifications on the wrong sheet or range.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The CLI exposes destructive operations such as deleting sheets and deleting or inserting row/column ranges without any confirmation, dry-run, or guardrail. In an agent/tooling context, a mistaken parameter, prompt injection, or unsafe automation path could irreversibly alter or remove spreadsheet data with no user awareness before execution.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal