Back to skill
Skillv3.4.0
ClawScan security
明歌内训课内容加工 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 25, 2026, 4:48 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's instructions, required actions, and outputs are coherent with its stated purpose of reading a Feishu document and producing four processed versions; nothing in the package requests unrelated credentials, installs, or behavior.
- Guidance
- This skill appears to do what it says: it will read a Feishu wiki/doc (participants, comment timestamps, transcript), generate four documents, and create those as child nodes in the same Feishu space. Before installing or invoking it, confirm: (1) you trust the agent and the platform connector with the document's contents (transcripts and comments may include personal or sensitive data); (2) the Feishu integration has appropriate read/write permissions — the skill will create new pages under the original parent node; and (3) you understand it always generates all four versions regardless of which trigger word you use. If you have strict data-handling requirements, avoid providing documents with PII or restrict who can access the generated pages.
Review Dimensions
- Purpose & Capability
- okThe skill claims to read a Feishu wiki/doc (participants, comments, transcript) and produce four document versions, and its runtime instructions exclusively describe using feishu_wiki and feishu_doc actions to read and create child nodes — this is proportionate and expected for the stated purpose.
- Instruction Scope
- okSKILL.md instructs the agent to extract tokens from the provided Feishu link, read the document contents, generate four versions, create wiki child nodes, and write content back. It does not instruct reading unrelated files, environment variables, or contacting external endpoints outside Feishu; the behavior stays within the described workflow.
- Install Mechanism
- okThis is an instruction-only skill with no install spec and no code files — lowest-risk model for disk persistence or arbitrary downloads.
- Credentials
- noteNo environment variables or external credentials are declared in the skill itself. However, the workflow requires access to the user's Feishu documents (via feishu_wiki / feishu_doc actions) and therefore implicitly requires Feishu access tokens/permissions provided by the platform or connector; this is appropriate but users should be aware it needs Feishu read/write permissions.
- Persistence & Privilege
- okalways is false, the skill is user-invocable, and it does not request persistent system-wide privileges. The only side-effect is creating child wiki pages in the user's Feishu knowledge base, which is within scope.