Feishu Docx PowerWrite

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Feishu/Lark document-writing helper that discloses its document-editing behavior and shows no hidden execution, persistence, or data theft.

Install this only if you want an agent to write to Feishu/Lark Docx documents using your own Feishu app credentials. Prefer append mode, verify the target document ID before writing, and treat replace mode as destructive because it overwrites the target document.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
This is a mismatch because the description presents an operational writing/conversion skill for Feishu Docx, but the actual code only provides setup guidance and runs a simple environment check (`openclaw skills check`). There is no implementation of Markdown parsing, Feishu Docx creation, append/replace behavior, formatting logic, templates, or troubleshooting beyond printed instructions. The issue is not hidden extra behavior, but that the code's primary purpose differs materially from the declared purpose.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The manifest description says to trigger not only on specific Feishu phrases but also 'when users want consistently good doc formatting,' which is vague and lacks clear boundaries. That broad condition could overlap with many general writing or formatting requests and cause unintended invocation outside the Feishu Docx context.

Self-Modification

High
Category
Rogue Agent
Content
description: High-quality Feishu/Lark Docx writing via OpenClaw. Use when you want to turn Markdown into well-formatted Feishu Docx (headings, lists, nesting, code blocks) using feishu_docx_write_markdown; includes safe workflows, templates, and troubleshooting. Trigger on Feishu doc/docx links, “write to Feishu doc”, “generate a Feishu doc”, “append/replace docx”, “convert markdown to feishu doc”, or when users want consistently good doc formatting.
---

# Feishu Docx PowerWrite

This skill focuses on **reliably writing great-looking Feishu Docx** using OpenClaw’s Feishu OpenAPI tools.
Confidence
85% confidence
Finding
Write This skill

VirusTotal

63/63 vendors flagged this skill as clean.
