Trust Assessment
feishu-file received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 3 critical, 1 high, 2 medium, and 0 low severity. Key findings include: Network egress to untrusted endpoints; Arbitrary command execution; Missing required field: name.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (6)
| Severity | Finding | Description | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints | Axios POST/PUT to URL | Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/autogame-17/feishu-file/download_image.js:19 |
| CRITICAL | Arbitrary command execution | Node.js child_process require | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/autogame-17/feishu-file/download_file.js:1 |
| CRITICAL | Arbitrary Local File Upload and Data Exfiltration | The `send.js` and `upload.js` scripts allow an attacker to specify an arbitrary local file path via the `--file` argument. The script then reads the content of this file using `fs.readFileSync` and uploads it to the Feishu API. This can be exploited to exfiltrate sensitive files from the agent's filesystem, such as configuration files, credential files (e.g., `.env`, `~/.ssh/id_rsa`), or any other accessible file. The `path.resolve` call does not sanitize path traversal sequences (e.g., `../../.env`), making it possible to access files outside the intended skill directory. | Implement robust path validation and sanitization for user-provided file paths. Restrict file access to a designated, sandboxed directory. Consider using a file picker or explicit user confirmation for sensitive file uploads. If direct file path input is necessary, ensure the path is strictly within an allowed directory and does not contain traversal sequences (e.g., `..`). | LLM | send.js:20 |
| HIGH | Arbitrary Local File Write via User-Controlled Output Path | The `download.js`, `download_image.js`, and `download_v3.js` scripts (and by extension, `download_file.js` which wraps `download.js`) allow an attacker to specify an arbitrary local file path via the `--output` argument (or positional argument in `download_v3.js`). The scripts then use `fs.createWriteStream` to write downloaded content to this path. This can be exploited to overwrite existing files, including system configuration files or executables, potentially leading to denial of service, privilege escalation, or command injection if a malicious executable is placed in a PATH-accessible location. The `path.dirname` and `path.resolve` calls do not prevent path traversal if the input itself contains `..` sequences. | Implement robust path validation and sanitization for user-provided output paths. Restrict file writes to a designated, sandboxed directory. Ensure that path traversal sequences (e.g., `..`) are strictly forbidden or resolved to a safe, contained location. | LLM | download.js:30 |
| MEDIUM | Missing required field: name | The 'name' field is required for claude_code skills but is missing from frontmatter. | Add a 'name' field to the SKILL.md frontmatter. | Static | skills/autogame-17/feishu-file/SKILL.md:1 |
| MEDIUM | Unpinned npm dependency version | Dependency '@larksuiteoapi/node-sdk' is not pinned to an exact version ('^1.58.0'). | Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/autogame-17/feishu-file/package.json |
Full report: https://skillshield.io/report/048b3c99c52ee508