finebi-skill

Security checks across malware telemetry and agentic risk

Overview

This FineBI skill is a disclosed business-data automation skill, with real sharing and scheduling risks that users should manage carefully.

Install only if you intend to let an agent access FineBI and move selected BI outputs into Feishu workflows. Use least-privileged FineBI credentials, verify Feishu document/group/Bitable destinations before sending or syncing, review any overwrite or scheduled-job action carefully, and avoid using sensitive datasets until permissions and retention are clear.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (15)

Description-Behavior Mismatch

Medium
Confidence
86% confidence
Finding
The top-level skill is described as FineBI analysis/visualization, but the document also instructs operators to load subskills that can generate documents, send messages, create tasks, schedule jobs, and sync data to external systems. This capability expansion can mislead users and reviewers about the true permission and data-flow scope, increasing the risk of unintended exfiltration or automation side effects once the skill is used in a broader workflow.

Intent-Code Divergence

Low
Confidence
78% confidence
Finding
The workflow says PDF analysis must only use the built-in pdf tool, yet it directs the user/agent to perform shell-level file copy operations first. That breaks the claimed constrained processing path and can encourage arbitrary filesystem access, unsafe handling of exported sensitive reports, and inconsistent trust boundaries around temporary files.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The skill goes beyond FineBI data retrieval and report generation by instructing the agent to synchronize document links to an owner or group webhook. That creates an external data-distribution path which can leak sensitive business metrics to unintended recipients if triggered with incorrect or attacker-influenced parameters.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
This section explicitly mandates pushing group webhook messages, which is an outbound notification capability unrelated to the core analytics function. Webhook delivery can exfiltrate report contents or links to external systems, especially if webhook targets are user-provided and not strongly validated.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The skill contemplates management escalation, high-priority task creation, and broad anomaly distribution, which materially expands its authority beyond reporting. Even with some confirmation language, these actions can cause unauthorized business process changes or sensitive incident disclosures if activation is ambiguous or socially engineered.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The skill materially broadens its behavior from FineBI data retrieval/analysis into outbound Feishu broadcasting and scheduled automation, which are separate high-impact capabilities. This expands the blast radius from local analysis to external data dissemination and persistent background actions, increasing the chance of unintended disclosure or unauthorized recurring messages.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
Embedding Feishu group messaging into a BI skill creates an external exfiltration path for potentially sensitive business metrics without strong justification in the stated purpose. Even if intended for reporting, the capability can be abused or accidentally triggered to push internal data to the wrong group or webhook.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
Scheduled task administration is outside the declared FineBI analysis scope and enables persistent automation that can continue sending data after the initiating interaction ends. This persistence increases risk because a mistaken or malicious setup can repeatedly leak data or cause operational spam until manually discovered and removed.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The skill requires sensitive credentials via environment variables for FineBI access but provides no warning about secret handling, data sensitivity, or privacy implications. In a BI context, those credentials may unlock broad access to internal reports and datasets, so missing guidance increases the chance of accidental exposure, overbroad use, or insecure logging.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The trigger list includes broad natural-language phrases such as requests about reports, analysis, FineBI, Feishu documents, and automation, which increases the chance of accidental invocation. Overbroad activation is dangerous here because the skill can search data assets, export reports, create documents, and potentially distribute them externally.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The description advertises syncing reports to responsible parties or Feishu groups without a prominent upfront warning that business data may be shared externally. Users may invoke the skill for analysis purposes without realizing it can distribute results, increasing the risk of unintended disclosure of sensitive dashboard contents.

Vague Triggers

Medium
Confidence
82% confidence
Finding
Overly broad trigger phrases raise the likelihood that the skill activates during ordinary conversation rather than a clearly intended administrative workflow. In this skill, accidental activation is more dangerous because activation can lead to data retrieval, external group messaging, or scheduled-job operations.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The description does not prominently warn users that the skill may send data cards to Feishu groups and create recurring jobs, both of which have real external and persistent effects. Missing impact disclosure weakens informed consent and makes accidental disclosure or unwanted automation more likely in normal use.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill description includes broad trigger phrases such as generic alerting and monitoring language, which can cause the skill to activate for loosely related user requests. In an agent environment, overbroad triggering is dangerous because it can route conversations into a high-impact workflow that fetches business data and creates Feishu tasks or notifications without the user explicitly intending that automation path.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger list contains broad operational phrases such as using FineBI for dashboard analysis, querying data assets, and exporting/analyzing report data, which can match many routine user requests. In an agent environment, overly broad triggers can cause this skill to activate outside its narrow synchronization purpose, creating unintended access to dataset discovery, preview, export, or write actions and increasing the chance of destructive operations like overwrite sync being proposed in the wrong context.

VirusTotal

65/65 vendors flagged this skill as clean.
