feishu-doc-scraper — agentic threat model

AIVSS 7.7 · High

The feishu-doc-scraper agent presents moderate-to-high risk due to its local file-writing capabilities and headless browser execution, which could be exploited for local file overwrite or server-side request forgery (SSRF) if fed malicious Feishu documents.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM

CVSS base 6.8 · AARS uplift 0.94 · Factor sum 2.8/10 · Threat ×1.05 · Mitigation ×1.0

Autonomy of Action: 0.40
Goal-Driven Planning: 0.30
Self-Modification: 0.00
Dynamic Tool Use: 0.60
Persistent Memory: 0.10
Contextual Awareness: 0.40
Dynamic Identity: 0.50
Multi-Agent Interactions: 0.00
Non-Determinism: 0.20
Opacity & Reflexivity: 0.30

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — The description does not specify which foundation models are used to drive this agent skill or if it relies purely on deterministic programmatic logic wrapped as an agent skill.

L2 · Data Operations ✓ mapped

Acts as a data ingestion pipeline extracting Feishu/Lark docs, spreadsheets, and transcripts. Risks include data exfiltration of sensitive corporate knowledge bases and potential ingestion of poisoned/malicious document content that could exploit downstream parsers.

L3 · Agent Frameworks ✓ mapped

Utilizes lark-cli API and a browser-DOM fallback to scrape content. Insecure tool integration is a primary threat; malicious Feishu documents could exploit the headless browser or the markdown conversion logic to execute arbitrary code or write to unauthorized local paths.

L4 · Deployment & Infrastructure ✓ mapped

The agent runs locally, calling external APIs, launching a headless browser, and writing files to the local filesystem. This poses risks of local directory traversal, host file overwrite, and potential sandbox escape via the headless browser.

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing — No logging, auditing, or guardrail mechanisms are mentioned to monitor the headless browser's behavior or validate the integrity of the written markdown files.

L6 · Security & Compliance (cross-cutting) ✓ mapped

Requires Feishu/Lark API credentials and session cookies for browser-DOM fallback. Storing and handling these highly sensitive authentication tokens poses significant credential exposure and unauthorized data access risks.

L7 · Agent Ecosystem ✓ mapped

As an open-source community agent skill, it may be integrated into larger multi-agent workflows. A compromise in this scraper could allow an attacker to feed malicious payloads upstream to other agents in the ecosystem.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).