ClawHub
Back to skill
v1.0.0

小游戏5分钟报告

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:26 AM.

Analysis

The report workflow is coherent, but it asks the agent to create and send Feishu documents without clearly scoping the account permissions, recipient, or user approval step.

GuidanceBefore installing, confirm exactly which Feishu account or workspace the skill can use, who it will message, what document sharing settings it will apply, and whether it will ask for your approval before sending.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityMediumConfidenceHighStatusConcern
SKILL.md
"Deliver": Create Feishu document with proper formatting and send via direct message

This directs the agent to create content and send a message through a third-party collaboration service, but the artifact does not define the recipient, document access level, or a required approval step before sending.

User impactThe agent could create and send a business report in Feishu to an unintended recipient or with unintended sharing settings.
RecommendationRequire a preview and explicit user confirmation for the Feishu recipient, document permissions, and final send action.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityMediumConfidenceMediumStatusConcern
SKILL.md
"Dependencies" ... "Feishu document creation and messaging permissions"

The skill requires delegated Feishu authority, but the artifacts do not specify the account, workspace, permission scopes, or limits for document creation and messaging.

User impactUsing the skill may grant it the ability to create documents or send messages through a Feishu account beyond what the user expects.
RecommendationDeclare the required Feishu credential and permission scopes in metadata, and limit them to the minimum workspace, document, and messaging access needed.