Skill v1.0.0

ClawScan security

Feishu Suite · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 16, 2026, 3:37 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's description and the Feishu API scopes it lists are consistent with an all-in-one Feishu integration, but the package metadata declares no credentials or auth flow and is internally inconsistent (the ownerId and slug in _meta.json differ from the registry-level values). These gaps could be abused, or they may simply indicate sloppy or misleading packaging.
Guidance
This skill claims full Feishu integration but does not say how it obtains or uses credentials, and its metadata is inconsistent (the ownerId and slug in _meta.json differ from the registry values). Before installing or granting access:
1) Ask the publisher how authentication is performed: OAuth redirect URIs, where tokens are stored, and whether you are expected to paste tokens.
2) Verify the publisher's identity and that the ownerId in the registry matches the one in the skill files.
3) Refuse to paste long-lived credentials into chat; prefer an OAuth flow with explicit redirect URLs you can inspect.
4) Grant only the minimum scopes necessary and audit what the skill actually requests during authorization.
5) If you cannot confirm a safe, transparent auth flow and a trustworthy publisher, treat the skill as risky and do not install it or provide credentials.

Review Dimensions

Purpose & Capability
concern: SKILL.md describes sending messages and managing docs, calendar, tasks and bitable, and explicitly lists the Feishu API scopes required; this matches the stated purpose. However, the registry metadata declares no required environment variables and no primary credential, even though the skill needs Feishu OAuth tokens to do any of this. In addition, the ownerId and slug in _meta.json differ from the registry-level values, which is an ownership and consistency mismatch.
Instruction Scope
note: The runtime instructions are high-level and limited to normal Feishu operations (create, update, send, query). They do not instruct the agent to read arbitrary local files or system paths. But SKILL.md is vague about the actual auth flow: it says 'all operations require user authorization', 'document operations require a document token (obtained from the URL)' and 'sensitive operations send an authorization card to the user for confirmation'. This leaves it unclear whether the agent will prompt users to paste tokens or click links, which is a potential phishing or exfiltration vector if implemented poorly.
Install Mechanism
ok: Instruction-only skill with no install spec and no code files. This minimizes direct disk writes and remote installs. There is no installer URL or extracted archive to inspect.
Credentials
concern: The skill declares many Feishu scopes (message, doc, calendar, task, bitable), but the registry metadata lists no required env vars and no primary credential. A legitimate integration would typically require at least a Feishu app ID and secret, or an OAuth token configuration. The absence of any declared credential requirement is a mismatch with the requested scopes and leaves it unclear where and how credentials will be provided or stored.
Persistence & Privilege
ok: The always flag is false, and there is no install spec or code that would persist on the system. The skill does not request elevated agent-wide privileges or the ability to modify other skills' configurations.
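The checks described in the Guidance and in the Purpose & Capability, Credentials and Persistence & Privilege dimensions above can be run mechanically before a skill is installed. The Python below is an added example written for this page; it is not ClawHub's scanner or any ClawHub tooling. Only ownerId, slug and always are field names taken from the report; requiredEnv, primaryCredential, install and scopes are assumed field names chosen for illustration, and both sample records are constructed to reproduce the findings above rather than copied from a real registry.

```python
import json

# Constructed sample inputs modelled on the report above; not real ClawHub data.
# ownerId, slug and always appear in the report; requiredEnv, primaryCredential,
# install and scopes are field names assumed for this example.
REGISTRY_RECORD = {
    "slug": "feishu-suite",
    "ownerId": "owner-registry-0001",
    "version": "1.0.0",
    "requiredEnv": [],            # no declared environment variables
    "primaryCredential": None,    # no declared primary credential
    "always": False,
    "install": None,              # instruction-only: no install spec
}

PACKAGE_META_JSON = json.dumps({
    "slug": "feishu-all-in-one",        # differs from the registry slug
    "ownerId": "owner-package-0002",    # differs from the registry ownerId
    "scopes": ["message", "doc", "calendar", "task", "bitable"],
})

# Fields that must agree between the registry record and the package's _meta.json.
IDENTITY_FIELDS = ("ownerId", "slug")


def check_skill_metadata(registry, meta_json):
    """Compare registry metadata with the package's _meta.json text and return
    findings as dicts with keys dimension, severity and detail."""
    meta = json.loads(meta_json)
    findings = []

    # Ownership consistency: the package must agree with the registry on who owns it.
    for field in IDENTITY_FIELDS:
        if registry.get(field) != meta.get(field):
            findings.append({
                "dimension": "Purpose & Capability",
                "severity": "concern",
                "detail": f"{field} mismatch: registry={registry.get(field)!r} "
                          f"_meta.json={meta.get(field)!r}",
            })

    # Credentials: scopes are requested but no source of credentials is declared.
    scopes = meta.get("scopes") or registry.get("scopes") or []
    declares_credential = (bool(registry.get("requiredEnv"))
                           or registry.get("primaryCredential") is not None)
    if scopes and not declares_credential:
        findings.append({
            "dimension": "Credentials",
            "severity": "concern",
            "detail": f"{len(scopes)} scopes requested but no required env vars or "
                      "primary credential declared; ask the publisher how auth works",
        })

    # Persistence & Privilege: an always-on skill (assumed meaning of the flag) or
    # an install spec that fetches or unpacks code needs manual inspection.
    if registry.get("always"):
        findings.append({
            "dimension": "Persistence & Privilege",
            "severity": "concern",
            "detail": "always is true: the skill is configured to persist; review why",
        })
    if registry.get("install"):
        findings.append({
            "dimension": "Install Mechanism",
            "severity": "note",
            "detail": "install spec present; inspect its URL or archive before installing",
        })
    return findings


def verdict(findings):
    """'suspicious' when any finding is a concern, otherwise 'ok'."""
    return "suspicious" if any(f["severity"] == "concern" for f in findings) else "ok"


if __name__ == "__main__":
    results = check_skill_metadata(REGISTRY_RECORD, PACKAGE_META_JSON)
    for finding in results:
        print(f"[{finding['severity']}] {finding['dimension']}: {finding['detail']}")
    print("verdict:", verdict(results))
```

Run against the constructed records, the script reports the two identity mismatches and the scopes-without-credentials gap and returns "suspicious"; a package whose _meta.json matches the registry and whose registry record declares its credential source produces no findings. The point of keeping identity and credential checks separate is that they fail for different reasons: a mismatch is a question for the registry operator, a missing credential declaration is a question for the publisher.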