Trust Assessment
feishu-bitable received a trust score of 34/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 1 critical, 2 high, 1 medium, and 1 low severity. Key findings include "Network egress to untrusted endpoints", "Sensitive path access: AI agent config", and "Unpinned npm dependency version".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Network egress to untrusted endpoints.** Axios POST/PUT to URL. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/stevenlikewatermelon/feishu-api-bitable/src/utils.js:40 |
| HIGH | **Sensitive path access: AI agent config.** Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/stevenlikewatermelon/feishu-api-bitable/SKILL.md:23 |
| HIGH | **Arbitrary File Read via CLI Input.** The `parseJsonInput` function in `src/utils.js` allows reading arbitrary files from the filesystem if the input string starts with `@`. This function is used by several CLI commands in `bin/cli.js` (e.g., `--data`, `--fields`, `--filter`, `--sort`). An attacker who can control these CLI arguments can specify a path like `@/etc/passwd` or `@/app/secrets.txt` to read sensitive files. The content of these files would then be processed and potentially printed to `stdout` via `console.log` in `bin/cli.js` (e.g., in error messages if JSON parsing fails or if the API call fails), leading to data exfiltration. Modify `parseJsonInput` to disallow file path inputs from untrusted sources. If file input is strictly necessary, implement robust validation to restrict file paths to a specific, sandboxed directory, or use a more secure method for file handling that does not expose arbitrary file content to `stdout` or API calls. | LLM | src/utils.js:38 |
| MEDIUM | **Unpinned npm dependency version.** Dependency 'axios' is not pinned to an exact version ('^1.6.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/stevenlikewatermelon/feishu-api-bitable/package.json |
| LOW | **Non-default npm registry used in package-lock.json.** The `package-lock.json` file specifies `registry.npmmirror.com` as the resolved registry for dependencies. While integrity hashes are present, using a non-default npm mirror can introduce a supply chain risk if the mirror is compromised or serves altered packages. It's generally safer to use the default `registry.npmjs.org` or a trusted private registry. Configure npm to use the default `registry.npmjs.org` or a trusted private registry. Ensure that all dependencies are sourced from a single, trusted registry to minimize supply chain risks. | LLM | package-lock.json:1 |