happycapy-feishu
Warn
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Modifies the global agent configuration file `~/.claude.json` using a Python script to register the MCP server locally.
- [COMMAND_EXECUTION]: Performs in-place source code patching of the `@larksuiteoapi/lark-mcp` package using `perl` to increase hardcoded authentication timeout values.
- [COMMAND_EXECUTION]: Overwrites the `keytar` dependency within the installed Node.js module with a custom script (`keytar-file-storage.js`) to provide file-based credential storage.
- [EXTERNAL_DOWNLOADS]: Fetches the official `@larksuiteoapi/lark-mcp` package from the NPM registry using the `npx` utility.
- [REMOTE_CODE_EXECUTION]: Executes code downloaded from the NPM registry via `npx` to facilitate the OAuth login process and run the MCP service.
- [PROMPT_INJECTION]: The skill creates a significant attack surface for indirect prompt injection.
  1. Ingestion points: Callback URLs provided by users and external Feishu content (messages, documents, and Bitable records).
  2. Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the processing logic.
  3. Capability inventory: The skill has broad write capabilities including replying to messages, updating records, and writing to documents via the registered MCP tools.
  4. Sanitization: No sanitization or validation of the ingested external content is performed before processing.
Audit Metadata