Feishu SuperToolkit

Audited by ClawScan on May 10, 2026.

Overview

This Feishu toolkit is purpose-aligned, but it needs review because it exposes broad Feishu business actions through an unauthenticated local API and documents a concrete-looking app secret.

Only install or run this if you control the Feishu app credentials and understand the granted permissions. Replace/rotate the documented secret, restrict the Feishu app to the minimum scopes needed, do not leave the local server running unnecessarily, and add local authentication/CORS restrictions before using it for approvals, calendar deletion, record updates, or attendance/contact access.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If these credentials are real, or are reused anywhere else, anyone who reads the skill can mint tenant access tokens and act with whatever permissions the Feishu app has been granted.

Why it was flagged

The setup instructions contain concrete-looking Feishu app credentials rather than placeholders, and the code uses these values to mint tenant access tokens.

Skill content
export FEISHU_APP_ID="cli_a93078949238dbb3"; export FEISHU_APP_SECRET="AVJVZYEdlVIPtF8G50aDPdiXIiJXmWyX"
Recommendation

Replace these values with placeholders, rotate the displayed secret if it is real, and require users to provide their own least-privilege Feishu app credentials.

What this means

A caller that can reach the local API may be able to attempt approval actions using supplied user identifiers, depending on the Feishu app's permissions and server-side enforcement.

Why it was flagged

Approval actions take the acting approver identity (open_id) from the request body and then act with app-level Feishu credentials; no local caller authentication is shown, so whoever can reach the API chooses whose approval is recorded.

Skill content
open_id: str = Field(..., description="operator open_id (the approver)"); payload = {"approval_code": req.approval_code, "instance_code": req.instance_code, "task_id": req.task_id, "user_id": req.open_id}
Recommendation

Add local authentication, require explicit user confirmation for approval actions, restrict allowed users/tasks, and rely on least-privilege Feishu permissions.

What this means

While the service is running, a local process or browser page that can reach localhost could try to drive Feishu actions through the API.

Why it was flagged

The FastAPI service enables wildcard cross-origin access, and the provided app setup shows no inbound authentication middleware before registering the Feishu action routes.

Skill content
app.add_middleware(CORSMiddleware, allow_origins=["*"], allow_credentials=True, allow_methods=["*"], allow_headers=["*"])
Recommendation

Require a local API token or other authentication, remove wildcard CORS, bind only to localhost, and add confirmations for high-impact operations.
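The two findings above share one fix: authenticate the local caller before any action route is reached, and stop relying on the request body to decide who approves. The sketch below is an added example, not the skill's own code and not ClawScan's. It assumes a LOCAL_API_TOKEN environment variable for the local bearer token, an ALLOWED_APPROVERS variable listing permitted open_ids, a `/approve` route and an explicit `confirm` request field; none of these names come from the skill. fastapi is imported optionally so the checks themselves run without it.

```python
"""Hardening sketch for the local Feishu action API.

Added example; not the skill's own code. Assumed names: LOCAL_API_TOKEN and
ALLOWED_APPROVERS environment variables, a /approve route and a `confirm`
request field. fastapi is optional so the checks run without it.
"""
import hmac
import os
from typing import Iterable, Optional, Set, Tuple

# Explicit origins instead of "*": a wildcard lets any page the user has open
# drive the API for as long as the server is running.
DEFAULT_ORIGINS = ["http://127.0.0.1:8000", "http://localhost:8000"]


def check_local_token(auth_header: Optional[str], expected: str) -> bool:
    """Validate 'Authorization: Bearer <token>' in constant time."""
    if not expected or not auth_header:
        return False
    scheme, _, token = auth_header.partition(" ")
    if scheme.lower() != "bearer" or not token:
        return False
    return hmac.compare_digest(token.encode(), expected.encode())


def is_allowed_origin(origin: Optional[str],
                      allowlist: Iterable[str] = DEFAULT_ORIGINS) -> bool:
    """Exact-match origin allowlist; a wildcard entry is never honoured."""
    allowed = set(allowlist)
    return origin is not None and "*" not in allowed and origin in allowed


def load_allowed_approvers(raw: Optional[str]) -> Set[str]:
    """Comma-separated open_ids taken from the environment."""
    return {x.strip() for x in (raw or "").split(",") if x.strip()}


def authorize_approval(open_id: str, confirm: bool,
                       allowed: Set[str]) -> Tuple[bool, str]:
    """The approver named in the body must be allowlisted and the caller must
    opt in explicitly; the body alone never decides who approves."""
    if open_id not in allowed:
        return False, "approver not in allowlist"
    if not confirm:
        return False, "explicit confirmation required"
    return True, "ok"


try:
    from fastapi import Depends, FastAPI, Header, HTTPException
    from fastapi.middleware.cors import CORSMiddleware
    from pydantic import BaseModel
except ImportError:  # the pure checks above still work without fastapi
    FastAPI = None


def build_app():
    """Token dependency attached to the action route, explicit CORS origins
    instead of allow_origins=["*"], credentials disabled."""
    if FastAPI is None:
        raise RuntimeError("fastapi is not installed")
    app = FastAPI()
    app.add_middleware(
        CORSMiddleware,
        allow_origins=DEFAULT_ORIGINS,
        allow_credentials=False,
        allow_methods=["POST"],
        allow_headers=["Authorization", "Content-Type"],
    )
    approvers = load_allowed_approvers(os.environ.get("ALLOWED_APPROVERS"))

    def require_token(authorization: Optional[str] = Header(default=None)):
        if not check_local_token(authorization,
                                 os.environ.get("LOCAL_API_TOKEN", "")):
            raise HTTPException(status_code=401, detail="local token required")

    class ApproveRequest(BaseModel):
        approval_code: str
        instance_code: str
        task_id: str
        open_id: str
        confirm: bool = False  # assumed field: caller opts in per request

    @app.post("/approve", dependencies=[Depends(require_token)])
    def approve(req: ApproveRequest):
        ok, reason = authorize_approval(req.open_id, req.confirm, approvers)
        if not ok:
            raise HTTPException(status_code=403, detail=reason)
        # The Feishu call with the payload the skill builds goes here;
        # omitted so the example stays offline.
        return {"status": "accepted", "task_id": req.task_id}

    return app


if __name__ == "__main__":
    import uvicorn
    uvicorn.run(build_app(), host="127.0.0.1", port=8000)  # loopback only
```

CORS only constrains browsers; a local process can still send requests to 127.0.0.1 with any Origin header it likes, so the bearer token is the control that actually gates access, and the origin allowlist is a second layer for browser pages. Binding to the loopback address keeps the service off the LAN but does not replace either check.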

What this means

If no `feishu_toolkit` package is installed, the service fails at import time; if one is installed from elsewhere, the skill's Feishu credential handling runs through an external module that nobody has reviewed.

Why it was flagged

Several modules import auth helpers from `feishu_toolkit`, while the provided package contains `feishu_supertoolkit/auth.py`; the reviewed dependency list does not clearly declare that external auth package.

Skill content
from feishu_toolkit.auth import feishu_request
Recommendation

Fix the imports to use the included auth module or explicitly declare and review the intended dependency.
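The mismatch can be caught statically before the service is run by listing every absolute import in the package and checking it against what the package bundles and what it declares as dependencies. The checker below is an added example, not the skill's own code; the module sources, bundled package name and dependency list are constructed to mirror the finding (the `feishu_supertoolkit` package name and the `feishu_toolkit.auth` import are from the audit, the rest is assumed).

```python
"""Flag imports that neither the bundled package, the declared dependencies
nor the standard library can satisfy. Added example, not the skill's code."""
import ast
import sys
from typing import Dict, Iterable, Set

# Python 3.10+ exposes the stdlib name list; older versions fall back to the
# compiled-in modules only, which can cause extra (harmless) flags.
STDLIB = set(getattr(sys, "stdlib_module_names", ())) | set(sys.builtin_module_names)


def top_level_imports(source: str) -> Set[str]:
    """Top-level names of every absolute import in one module.
    Relative imports (from .auth import ...) resolve inside the package and are skipped."""
    names: Set[str] = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            for alias in node.names:
                names.add(alias.name.split(".")[0])
        elif isinstance(node, ast.ImportFrom) and node.level == 0 and node.module:
            names.add(node.module.split(".")[0])
    return names


def unresolved_imports(modules: Dict[str, str], bundled: Iterable[str],
                       declared: Iterable[str]) -> Dict[str, Set[str]]:
    """Map module path -> top-level imports that are not bundled, not declared
    and not standard library."""
    known = set(bundled) | set(declared) | STDLIB
    report: Dict[str, Set[str]] = {}
    for path, src in modules.items():
        missing = {n for n in top_level_imports(src) if n not in known}
        if missing:
            report[path] = missing
    return report


# Constructed sources mirroring the finding: the package ships
# feishu_supertoolkit/auth.py, but a caller imports feishu_toolkit.auth.
SAMPLE_MODULES = {
    "feishu_supertoolkit/approval.py":
        "import json\nfrom feishu_toolkit.auth import feishu_request\n",
    "feishu_supertoolkit/calendar.py":
        "from .auth import feishu_request\nimport httpx\n",
}
SAMPLE_BUNDLED = ["feishu_supertoolkit"]
SAMPLE_DECLARED = ["fastapi", "pydantic", "httpx"]  # assumed dependency list


def audit_sample() -> Dict[str, Set[str]]:
    """Run the check over the constructed sample."""
    return unresolved_imports(SAMPLE_MODULES, SAMPLE_BUNDLED, SAMPLE_DECLARED)


if __name__ == "__main__":
    for path, names in audit_sample().items():
        print(f"{path}: unresolved imports {sorted(names)}")
```

Run over a real checkout, `modules` would be built by reading every `.py` file under the package and `declared` from the install spec; a non-empty report means either the import paths or the dependency list needs to change, and the calendar module above shows that a correctly written relative import produces no flag.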

What this means

Media files provided to the tool will be processed by local ffmpeg binaries before upload to Feishu.

Why it was flagged

The skill runs local ffmpeg/ffprobe binaries to convert and inspect audio files; this is purpose-aligned for audio card support, and the argv-list form of subprocess.run is used, so no shell ever interprets the file names.

Skill content
cmd = ["ffmpeg", "-i", input_path, "-c:a", "libopus", "-b:a", "64k", "-y", output_path]; result = subprocess.run(cmd, capture_output=True, text=True, timeout=60)
Recommendation

Use trusted ffmpeg builds and only process files intentionally selected for sending.
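Two details matter when wrapping that call: which ffmpeg gets executed, and whether a file name can be mistaken for an option even without a shell (a positional output path beginning with `-` is parsed by ffmpeg as a flag; making paths absolute removes that ambiguity). The wrapper below is an added example, not the skill's own code. It assumes an optional trusted-build digest and an explicit directory from which the user selects files to send; both are assumptions, as is the `-nostdin` flag added to keep ffmpeg from reading the terminal.

```python
"""Hardened wrapper around the skill's ffmpeg conversion. Added example, not
the skill's own code. Assumed: an optional SHA-256 of the trusted ffmpeg
build, and an allowed directory that the user picked files from."""
import hashlib
import os
import shutil
import subprocess
from typing import Callable, List, Optional

ALLOWED_INPUT_SUFFIXES = {".wav", ".mp3", ".m4a", ".ogg", ".opus", ".flac"}


def resolve_trusted_ffmpeg(expected_sha256: Optional[str] = None,
                           which: Callable[[str], Optional[str]] = shutil.which) -> str:
    """Locate ffmpeg on PATH; when a digest is given, refuse any other build."""
    path = which("ffmpeg")
    if not path:
        raise FileNotFoundError("ffmpeg not found on PATH")
    if expected_sha256:
        with open(path, "rb") as fh:
            digest = hashlib.sha256(fh.read()).hexdigest()
        if digest != expected_sha256.lower():
            raise RuntimeError("ffmpeg binary does not match the trusted digest")
    return path


def build_convert_cmd(ffmpeg: str, input_path: str, output_path: str,
                      allowed_dir: str) -> List[str]:
    """argv list, no shell. Paths are made absolute so a name such as
    '-filter_complex' cannot be read as an option, and the input must live
    inside the directory the user selected for sending."""
    root = os.path.realpath(allowed_dir)
    src = os.path.realpath(input_path)
    if os.path.commonpath([root, src]) != root:
        raise ValueError("input is outside the allowed directory")
    if os.path.splitext(src)[1].lower() not in ALLOWED_INPUT_SUFFIXES:
        raise ValueError("unexpected input type")
    dst = os.path.abspath(output_path)
    return [ffmpeg, "-nostdin", "-i", src,
            "-c:a", "libopus", "-b:a", "64k", "-y", dst]


def convert_to_opus(input_path: str, output_path: str, allowed_dir: str,
                    expected_sha256: Optional[str] = None) -> subprocess.CompletedProcess:
    """Validate, then run with the same timeout the skill uses."""
    cmd = build_convert_cmd(resolve_trusted_ffmpeg(expected_sha256),
                            input_path, output_path, allowed_dir)
    return subprocess.run(cmd, capture_output=True, text=True,
                          timeout=60, check=True)
```

`check=True` turns a failed conversion into an exception instead of a silently empty upload, and the allowed-directory check is what enforces "only process files intentionally selected for sending" when the path arrives from an API caller rather than from the user.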