feishu-doc-editor

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Feishu document editing skill. Its powerful document and credential access is expected for its stated purpose, but users should handle tokens and destructive edits carefully.

Install or use this only for Feishu documents you are authorized to access. Use a dedicated Feishu app with minimum permissions, add it only to target documents, keep app_secret and tenant_access_token out of chats, logs, shell history, and repositories, confirm before edits or deletes, and remove collaborator access when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (8)

Missing User Warnings

Medium
Confidence: 87%
Finding
The skill explicitly enables reading and modifying Feishu documents but does not warn about privacy, authorization scope, or the risk of changing organizational content. In an agent setting, this omission can lead users or downstream systems to perform sensitive document operations without verifying ownership, consent, or business impact.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill instructs users to obtain and use app_id, app_secret, and tenant access tokens without any handling guidance for secrets. This is dangerous because LLM agents or users may paste live credentials into logs, prompts, scripts, or shared terminals, enabling token theft and unauthorized access to Feishu APIs.

Missing User Warnings

Medium
Confidence: 84%
Finding
The guide documents update and delete operations on live document blocks without cautioning about irreversibility, confirmation, or backup expectations. In an agent skill context, this increases the risk that an automated workflow could modify or delete user content without sufficiently explicit user awareness, leading to data loss.

Missing User Warnings

Medium
Confidence: 87%
Finding
The example workflows perform write, update, and delete actions against real Feishu document endpoints with no warning that they change user data. In an agent-integrated environment, copy-pasteable examples can normalize direct destructive use and increase the chance of unintended modifications to production documents.

Missing User Warnings

Medium
Confidence: 95%
Finding
The documentation shows `app_id` and `app_secret` being supplied directly in a curl example without any warning about secret hygiene, secure storage, or avoiding real credentials in plaintext. In a developer-facing skill, this can normalize unsafe practices and lead users to paste production secrets into shells, docs, chat logs, or version-controlled scripts.

Missing User Warnings

Medium
Confidence: 97%
Finding
The guidance recommends verbose curl output and grepping headers to verify `Authorization`, but does not warn that verbose output can expose bearer tokens in terminal output, shell history, CI logs, or support artifacts. Because bearer tokens are directly reusable, leaking them can enable unauthorized API access until expiry.

Missing User Warnings

Medium
Confidence: 99%
Finding
The sample test script hardcodes `APP_SECRET` in plaintext and demonstrates building live authentication requests from that secret. Users commonly copy such examples into repositories or shared scripts, which can result in long-lived credential disclosure and compromise of the Feishu application rather than just a short-lived token.

Missing User Warnings

Medium
Confidence: 95%
Finding
The guide shows how to request a tenant access token using app_id and app_secret but does not warn readers that these secrets and returned tokens must be protected from shell history, shared terminals, CI logs, screenshots, and version control. In a permissions/setup guide for a document-editing integration, this omission materially increases the chance of credential leakage and unauthorized document access.

VirusTotal

64/64 vendors flagged this skill as clean.
