Security audit

Feishu Toolkit

Security checks across malware telemetry and agentic risk

Overview

This Feishu/Lark skill is not malicious, but it gives an agent broad workspace powers without consistent confirmation or scoping for sensitive actions.

Install only with a dedicated low-privilege Feishu app and grant the minimum scopes needed. Require explicit approval for every chat-history read, document write or overwrite, file or screenshot send, permission change, and scheduled reminder. Avoid tenant-wide or admin-capable credentials unless you fully understand the workspace impact.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (3)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger list includes broad generic terms such as "feishu" and "lark" that may activate the skill during ordinary conversation, causing unintended access to messaging, documents, permissions, or file-sending capabilities. In a skill with data-access and outbound-transmission features, accidental invocation materially increases the chance of privacy or security-impacting actions.

Missing User Warnings

High

Confidence: 97% confidence
Finding: The screenshot workflow captures the current macOS screen and transmits it to Feishu without an explicit privacy warning or consent gate at the point of use. Screenshots can contain credentials, private messages, customer data, or other sensitive material, so this creates a direct exfiltration path from the local desktop to an external service.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill describes fetching and summarizing group chat history but does not present a user-facing warning that these messages may contain sensitive personal, business, or confidential content. Because the capability accesses historical conversation data, users may unintentionally retrieve or summarize information they are not expecting to expose or process.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal