Trust Assessment
feishu-doc received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Excessive Permissions Requested by Skill.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 18, 2026 (commit b62bd290). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Excessive Permissions Requested by Skill The skill 'feishu-doc' explicitly states a requirement for the 'drive:drive' permission. While the skill's primary description is 'Feishu document read/write operations', the 'drive:drive' permission typically grants broad access to all files and folders within Feishu Drive, not just documents. This level of access is excessive for a document-specific tool and could allow an agent to read, modify, or delete any file on the drive, leading to significant data exfiltration or integrity risks if the agent is compromised or misused. Review the necessity of the 'drive:drive' permission. If the skill truly only needs to interact with documents, consider requesting more granular permissions (e.g., `drive:file` or specific document-related scopes) that limit access strictly to documents or specific file types. If 'drive:drive' is genuinely required, ensure robust safeguards are in place to prevent misuse by the agent, such as strict input validation and human-in-the-loop approvals for sensitive operations. | LLM | SKILL.md:64 |
Scan History
Embed Code
[](https://skillshield.io/report/527df65afd31da04)
Powered by SkillShield