ClawHub

Feishu Bitable

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Feishu Bitable tool, but it can update or delete live table data and cache access tokens with limited safety guidance.

Install only if you are comfortable giving the agent Feishu app credentials that can read and modify the relevant Bitables. Use least-privilege Feishu app permissions, preview records before update/delete, avoid filter-based destructive commands unless you have verified the match set, keep backups or exports for important tables, and treat both FEISHU_APP_SECRET and the cached tenant token as sensitive credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly documents destructive operations such as INSERT, UPDATE, and DELETE but provides no warning that these actions modify live Feishu Bitable data and may be irreversible. In an agent setting, that omission increases the chance of unintended data loss or unauthorized modifications because users or downstream agents may treat the commands as routine read-only queries.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The documentation requires FEISHU_APP_SECRET and FEISHU_APP_ID but does not include any guidance on secure storage, non-disclosure, or avoiding logging/secrets exposure. In agent workflows, credentials are often copied into prompts, shell history, logs, or debug output, so omitting credential-handling guidance materially raises the risk of secret leakage and subsequent unauthorized access to Feishu data.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script caches a Feishu tenant access token to a predictable local file under the user's home directory without setting restrictive permissions or clearly informing the user. If the host is multi-user, the filesystem is backed up/synced, or another local process can read the file, the token could be stolen and used to access Feishu APIs with the tenant's privileges.

VirusTotal

No VirusTotal findings

View on VirusTotal