OpenClaw FEISHU MCP
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill’s Feishu document integration is plausible, but it uses a hardcoded app secret and enables automatic cloud document read/write actions without clear scope or confirmation controls.
Review this carefully before installing. Do not paste the provided app secret into your configuration unless you understand who owns it and what Feishu permissions it grants. If you proceed, use your own scoped Feishu app credentials, verify the MCP endpoint and plugin source, and require explicit confirmation before the agent writes, replaces, or appends cloud document content.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing as written could cause the agent to authenticate to Feishu using an embedded app credential with unclear ownership and permissions.
The skill places a Feishu app secret that does not look like a placeholder directly in its configuration instructions, while the registry metadata declares no primary credential or required environment variables. This is high-impact account/app authority that is not clearly user-specific or scoped.
"appID": "cli_a926728f3e38dcba", "appSecret": "BiL8CymBwxiA998MXxvUKbN23RhPsxAg"
Do not use the embedded secret. Require users to provide their own Feishu app credentials through a secret store or environment variables, declare those credentials in metadata, and document the exact Feishu permissions needed.
An agent could modify or overwrite cloud documents or tables in Feishu more broadly than the user intended.
The skill advertises automatic agent use of tools that can replace, append, create, and write Feishu documents and tables, but it does not define approval gates, scope limits, rollback guidance, or protections for destructive edits.
Write Document: "Replace document content" ... "Once configured, AI can automatically use Feishu MCP tools"
Require explicit user confirmation before write, replace, append, or create actions; limit access to selected documents or folders; and document recovery or versioning expectations.
Sensitive Feishu document content or document identifiers may be processed by the configured MCP endpoint.
The integration uses a remote MCP proxy for Feishu document operations. This is purpose-aligned and disclosed, but document tokens and content may pass through that remote service.
"mcpUrl": "https://feishu-openai-mcp-proxy.bytedance.net/mcp"
Use this only if you trust the MCP endpoint and understand Feishu’s data handling. Prefer tenant-approved endpoints and avoid sending highly sensitive documents unless the data boundary is acceptable.
The reviewed skill only documents configuration; the safety of the actual Feishu plugin depends on code not provided here.
The supplied artifacts contain no code or install spec for the referenced plugin, so the actual implementation and provenance of the Feishu channel are outside the reviewed artifact set.
Dependencies: "Feishu OpenClaw plugin (channel: feishu)"
Verify the referenced plugin source, publisher, permissions, and update channel before enabling it with Feishu credentials.
