飞书多维表格 AI 管家 (Feishu Bitable AI Butler)

Security checks across malware telemetry and agentic risk

Overview

This Feishu Bitable helper is mostly coherent, but it gives agents broad read/write workflows for business, customer, and employee tables without enough built-in confirmation or scoping guidance.

Install only if you intend to let an agent operate on Feishu Bitable data. Limit the Feishu app to the specific bases and tables needed, require a preview before any bulk read/write or field change, avoid sending summaries to chat unless explicitly approved, and treat customer or employee tables as sensitive production data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium, 91% confidence
Finding
The example explicitly adds `feishu_chat` group messaging as an optional step, which extends the skill from Bitable data management into outbound communications. That scope expansion can enable unintended data disclosure, especially if summarized table contents or sensitive business metrics are posted to a chat without clear authorization or user confirmation.

Vague Triggers

Medium, 89% confidence
Finding
The trigger list includes broad, commonplace terms such as “数据清洗” and “飞书数据”, which can cause the skill to activate in conversations that are not specifically requesting Bitable operations. Because this skill can read table contents and perform writes, accidental invocation increases the chance of unintended access to sensitive data or unintended record modifications.

Missing User Warnings

Medium, 94% confidence
Finding
The skill documentation encourages reading records, traversing entire tables, generating summaries, and writing results back, but it does not instruct the agent to warn the user about privacy, scope, or destructive-change risks beforehand. In a Bitable context, these actions may expose personal or business-sensitive information and may alter production data, so missing consent and risk disclosure materially increases the chance of harmful misuse or accidental overreach.

Missing User Warnings

Medium, 85% confidence
Finding
The examples show bulk employee record updates and additions without any warning, confirmation, or authorization guidance for modifying personnel data. In practice, this can normalize high-impact administrative actions and increase the chance of accidental or unauthorized changes to sensitive HR records.

VirusTotal

65/65 vendors flagged this skill as clean.
