ClawHub

Feishu Drive

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This Feishu Drive skill is coherent and purpose-aligned, but users should be careful because it can move or delete cloud files and the actual tool implementation is not included in the artifacts.

This appears to be a straightforward Feishu Drive instruction skill. Before installing, make sure you trust the source of the referenced Feishu tool, understand how Feishu authentication is provided, and require confirmation before moving or deleting important files.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

#
ASI02: Tool Misuse and Exploitation
Low
What this means

If the agent acts on the wrong file or folder, Feishu Drive content could be moved or deleted.

Why it was flagged

The skill exposes cloud-drive mutation and deletion operations. This is aligned with the skill purpose, but mistakes could affect the user's Feishu files.

Skill content
`feishu_drive`: List, info, create_folder, move, delete files/folders in Feishu Drive
Recommendation

Confirm exact file/folder IDs, destinations, and deletion intent before using move or delete actions, especially for shared or business documents.

#
ASI03: Identity and Privilege Abuse
Info
What this means

The skill may operate with whatever Feishu Drive permissions the authenticated account has.

Why it was flagged

The skill depends on Feishu account permissions. That is expected for this integration, but the provided metadata does not specify how authentication is handled.

Skill content
User must have Feishu account with appropriate permissions to access cloud storage.
Recommendation

Use an account with only the permissions needed, and verify the authentication flow before allowing file changes.

#
ASI04: Agentic Supply Chain Vulnerabilities
Info
What this means

The review can verify the written instructions, but not the behavior of the referenced Feishu tool if it is supplied elsewhere.

Why it was flagged

The skill references a Feishu Drive tool, while the artifact set contains no install spec or code files, so the tool implementation and provenance cannot be assessed from these artifacts.

Skill content
## Tools Available

- `feishu_drive`: List, info, create_folder, move, delete files/folders in Feishu Drive
Recommendation

Install only if the Feishu tool is provided by a trusted platform or review the tool implementation before use.