Feishu Document Search Assistant
Advisory. Audited by static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone with access to the skill artifact may be able to reuse the embedded Feishu app credential according to that app’s permissions, potentially exposing tenant documents or account capabilities.
The skill embeds a Feishu application secret and gives a tenant_access_token retrieval command, while the metadata declares no primary credential or required environment variables.
“Feishu API credentials” ... “App ID: `cli_a932...`” ... “App Secret: `w3RGN8...SKMxL8`” ... “Obtain tenant_access_token”
Revoke and rotate the exposed Feishu secret, remove credentials from SKILL.md, require user- or tenant-owned OAuth/env-based credentials, and document the exact scopes needed.
The skill may read a large portion of the configured Feishu knowledge space, including structured tables and attachments, when answering questions.
Recursive document traversal and reading multiple Feishu content types is purpose-aligned for a search assistant, but it is broad access that users should understand before enabling.
“Recursively traverse all child nodes under `root_node_token`”, and supported types include “docx, sheet, bitable, board” plus “PDF attachments ... download”.
Confirm the configured root is intentionally scoped, add exclusions or depth limits where appropriate, and require clear user approval before broad searches or attachment downloads.
A user’s question, which may include sensitive business context, could be sent to another Feishu account or bot automatically.
The shipped configuration enables automatic forwarding of certain user questions to a named Feishu bot/user, but the data boundary and per-query consent are not clearly controlled.
"tech_collaboration": { "enabled": true, "tech_bot_name": "杨毛毛2号", "tech_bot_id": "ou_adba...", "forward_message": "这个问题属于少儿技术范畴,让我询问技术空间负责人杨毛毛2号。" }
Disable automatic forwarding by default, ask the user before each transfer, and clearly document who receives the question and what data is shared.
