FeishuBitable-Plus

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a real Feishu Bitable automation tool, but it overstates its privacy protections and can change or delete business data through natural-language commands without enough safeguards.

Review before installing. Use least-privilege Feishu credentials, test against non-production tables first, back up important data before write/delete/import/sync operations, and treat the stored App Secret as sensitive because it is not protected by a real keychain or encryption. Do not rely on the local-only/privacy claims as written.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (6)

Intent-Code Divergence

High
Confidence: 97%
Finding
The README makes a strong security/privacy claim that the skill is a 'pure local deployment' and that data never leaves the local environment, while the documented setup and commands clearly depend on Feishu app credentials and Feishu cloud APIs. This mismatch can mislead users into trusting the tool with sensitive enterprise data under false assumptions about data residency and exposure, creating a real social-engineering and compliance risk.

Intent-Code Divergence

Medium
Confidence: 98%
Finding
The file advertises 'secure credential storage' and comments mention encryption, but the implementation only Base64-encodes secrets before writing them to disk. Base64 is trivially reversible, so any local user, malware, backup system, or process with file access can recover the plaintext credentials; misleading security claims also increase the chance operators will trust an unsafe design.

Missing User Warnings

Medium
Confidence: 84%
Finding
The README documents create, update, delete, import, and export operations without any warning about destructive effects, confirmation requirements, backup recommendations, or permission scope. In a natural-language-driven data management skill, this increases the chance of accidental or misunderstood destructive actions, especially when users may overtrust the interface and execute commands against production tables.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill explicitly promotes full CRUD, batch import/export, and cross-table synchronization but provides no warning, guardrails, or confirmation requirements for destructive actions. In a natural-language-driven interface, ambiguous prompts or user misunderstanding can easily trigger unintended record modification or deletion at scale, increasing the chance of integrity loss.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill exposes a direct deleteRecord operation from natural-language intent execution without any confirmation, safeguard, or policy gate in this file. In an agent context, ambiguous or manipulated prompts could trigger irreversible record deletion, causing integrity loss and accidental destructive actions.

Missing User Warnings

Medium
Confidence: 96%
Finding
The syncTables flow reads all records from one table and writes them in bulk to another table with no user confirmation, destination validation, deduplication, or rollback handling. In an agent skill, a mistaken or adversarial instruction could cause large-scale unintended writes, data duplication, or corruption across business datasets.

VirusTotal

60/60 vendors flagged this skill as clean.
