知识拓展笔记术
SuspiciousAudited by ClawScan on May 12, 2026.
Overview
This appears to be a personalized note-sync skill, but it can use Feishu authority to save and share your notes to hardcoded Feishu locations and a fixed user.
Use this skill only if you are the intended owner of the hardcoded Feishu workspace and OpenID. Before installing, replace the Feishu folder, wiki, and recipient identifiers with your own, verify the authenticated lark-cli account, and require confirmation before remote writes or permission grants.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If run with your authenticated Feishu environment, the agent could create documents, overwrite their contents, and change sharing permissions without a separate confirmation step.
The default workflow uses a raw CLI to create/update Feishu documents and grant permissions, including a no-confirmation `--yes` permission command.
`lark-cli docs +create ...` → `lark-cli docs +update ... --command overwrite ...` → `lark-cli drive permission.members create ... "perm":"full_access" ... --yes`
Require explicit user approval before each Feishu write or permission change, remove `--yes` from sensitive commands, and make the folder/wiki/recipient configurable.
Your generated notes could be shared with a fixed Feishu account using your Feishu permissions if the command succeeds.
The skill is hardcoded to grant full access to a specific Feishu OpenID, which may not be the installing user.
`张公子飞书 OpenID | ou_d8ace8a146610ca26bc07d8e68a5620f` and `"member_id":"ou_d8ace8a146610ca26bc07d8e68a5620f","perm":"full_access"`
Install only if you are the intended Feishu user and you recognize this OpenID; otherwise replace the OpenID and storage tokens with your own or disable permission grants.
The skill may fail or behave differently depending on which `lark-cli` is installed and how it is authenticated.
The skill relies on an external CLI even though the registry metadata lists no required binaries or credential setup.
使用 `lark-cli`: `lark-cli docs +create ...`
Verify the installed `lark-cli` source, version, and logged-in account before using the skill.
Anything included in the note may be stored in external services and subject to those services' access controls.
The skill is designed to send the full generated note content to external note/document services; this is disclosed and purpose-aligned, but users should be aware of the data flow.
同步归档到 Get笔记 + 飞书知识库 + 飞书文档 ... `--content <完整内容>`
Avoid using sensitive or confidential material unless you control the Feishu/Get destinations and understand their sharing settings.