v1.0.0

OpenClaw飞书任务管理

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:33 AM.

Analysis

This is a coherent Feishu task-management instruction skill, but it can use your Feishu identity to make persistent task and member changes.

GuidanceInstall this only if you want the agent to manage Feishu tasks for you. Before allowing changes, check the target task/list IDs, due dates, assignees, followers, and any group members; ask for confirmation before deletes or broad sharing changes.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityLowConfidenceHighStatusNote

SKILL.md

需要创建、查询、更新、删除任务 ... 创建、管理任务清单 ... 添加清单成员

The skill documents mutating Feishu task and tasklist operations, including deletion and member changes. This is expected for a task manager, but these actions can alter workspace records.

User impactIf invoked on the wrong request or with the wrong IDs, it could create, complete, edit, delete, or share Feishu tasks and task lists.

RecommendationUse it only for intended Feishu task-management requests, and confirm destructive actions such as deletion or membership changes before proceeding.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityMediumConfidenceHighStatusNote

SKILL.md

工具使用 `user_access_token`（用户身份） ... current_user_id 参数（从 SenderId 获取） ... 自动添加为 follower

The skill uses the Feishu user's delegated identity and message sender ID, and may add the current user as a follower to preserve edit access. This is disclosed and purpose-aligned, but it is account-authority behavior users should notice.

User impactActions are performed with the user's Feishu permissions and may assign or expose task visibility to selected users or groups.

RecommendationVerify the Feishu account context and member IDs before use, especially when assigning coworkers, adding chat groups, or relying on automatic follower behavior.