Feishu Messaging 0

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Feishu messaging skill with expected external API use, but users should confirm recipients and files before sending anything.

Install only if you intend to use a Feishu/Lark bot. Use least-privilege app scopes, protect the app secret, and explicitly confirm the recipient, message text, and exact file path before sending or uploading content.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill facilitates external transmission of messages, files, images, and group-member data to Feishu but provides no user-facing privacy notice, consent boundary, or warning about what data leaves the local environment. In an agent context, this increases the risk of unintended disclosure of sensitive content, recipient metadata, or attachments through normal-looking automation.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal