Feishu Doc Reader

Review

Audited by ClawScan on May 1, 2026.

Overview

This appears to be a coherent Feishu/Lark document reader, but it requires Feishu app credentials and can bring sensitive Feishu document or wiki content into the agent.

Install only if you are comfortable giving a local script Feishu app credentials for read-only document access. Use a dedicated low-privilege Feishu app, restrict document sharing, protect `reference/feishu_config.json`, and be careful with recursive wiki reads because they can bring large amounts of private workspace content into the agent.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone using the skill should understand that the configured Feishu app can read accessible Feishu content and output it to the local agent session.

Why it was flagged

The skill requires Feishu application credentials and read permissions for documents, sheets, bitables, and wiki nodes; this is expected for the stated purpose, but it gives the tool account-level read access to content shared with the app.

Skill content

Create the configuration file at `./reference/feishu_config.json` with your Feishu app credentials: ... "app_id" ... "app_secret" ... API Permissions Required ... `docx:document:readonly` ... `bitable:record:read` ... `wiki:wiki:readonly`

Recommendation

Use a dedicated Feishu app with only the read scopes needed, share only intended documents or spaces with that app, keep the config file private, and rotate the secret if exposed.

What this means

A broad recursive read could expose more Feishu knowledge-base content to the agent than the user intended.

Why it was flagged

The skill documents a recursive wiki-space read mode, which is purpose-aligned and user-directed but can retrieve a large amount of workspace data in one command.

Skill content

`./scripts/read_feishu.sh --wiki-space "SPACE_ID" --recursive`

Recommendation

Use recursive wiki reads only for spaces you explicitly want processed, and prefer single-document or single-node reads when possible.

What this means

Feishu document text may become part of the agent context and could influence the agent or reveal private information if reused elsewhere.

Why it was flagged

The skill is explicitly designed to pass extracted external document text into AI-agent workflows, so document contents may include sensitive data or instructions that should not be automatically trusted.

Skill content

To use this skill in your AI agent ... The response contains ... `text_content`: Extracted plain text for easy processing

Recommendation

Treat retrieved document content as data, not instructions; avoid sending sensitive document output to unrelated tools or prompts unless the user approves.

What this means

Users have less external provenance information to verify the maintainer or compare the code against an upstream project.

Why it was flagged

The package contains executable Python and shell scripts, but the registry metadata does not provide an upstream source or homepage for provenance review.

Skill content

Source: unknown; Homepage: none

Recommendation

Review the included scripts before use and prefer installing from a trusted publisher or repository when available.