Feishu Calendar Advanced
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: feishu-calendar-advanced Version: 1.0.0 The skill bundle provides instructions for managing Feishu calendar events using the `@teamclaw/feishu-agent` CLI tool. All commands and instructions in `SKILL.md` are directly related to the stated purpose of calendar management, involving standard `bunx` commands to execute the `feishu-agent`. There is no evidence of intentional malicious behavior such as data exfiltration, unauthorized remote control, persistence mechanisms, or prompt injection attempts against the OpenClaw agent. While the skill involves executing an external binary via `bunx` and handling sensitive API credentials (`appId`, `appSecret`), these actions are necessary for its legitimate function and are not instructed to be misused. Any potential vulnerabilities (e.g., shell injection in the `feishu-agent` CLI itself or supply chain risks) are not exploited or instructed by the provided skill definition.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked with create or delete commands, the skill can add meetings or remove existing events from the user's Feishu calendar.
The skill can mutate Feishu calendar data by creating events, adding attendees, and deleting events. This is clearly part of the stated purpose and scoped to explicit commands, but it is still a meaningful account action.
`create --summary "Meeting" ...` | Create a new event ... `delete --event-id <event_id>` | Delete an event by ID
Review event titles, times, attendees, and event IDs before allowing create or delete operations; ask the agent to confirm before making changes.
The configured Feishu agent may be able to read calendar information and create or delete events within the granted calendar scopes.
The setup requires Feishu app credentials, OAuth authorization, and calendar permissions. These are expected for calendar management, but they grant access to the user's Feishu account data.
bunx @teamclaw/feishu-agent config set appSecret <your_app_secret> ... bunx @teamclaw/feishu-agent auth ... Required: `calendar:calendar`, `calendar:event`
Use the least-privileged Feishu app/scopes that support the needed calendar actions and avoid sharing app secrets outside the intended setup process.
The actual calendar operations and credential handling are performed by an external CLI package that was not reviewed in these artifacts.
The skill depends on an external package run through bunx, and that package's implementation is not included in the supplied artifacts. This is purpose-aligned but leaves behavior dependent on the external package supply chain.
`@teamclaw/feishu-agent` | Yes | Installed automatically via bunx
Verify the @teamclaw/feishu-agent package source and version before use, and prefer a pinned or trusted version if available.