Feishu File Sender
Pass
Audited by ClawScan on May 1, 2026.
Overview
The skill appears to do what it claims: upload a chosen local file to Feishu and send it as a bot message, using expected Feishu app credentials.
Before installing, confirm you are comfortable giving this skill Feishu bot app credentials and using it to upload local files to Feishu. It appears transparent and purpose-aligned, but only run it when the intended file and recipient are clear.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked with the wrong file path or recipient, a local file could be sent to an unintended Feishu user or group.
The script uploads the specified local file to Feishu and then sends it as a file message to the selected or default recipient.
-F "file=@$FILE_PATH") ... "https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=$RECEIVER_TYPE"
Use it only for explicit, intended file sends; review the file path, receiver ID, and receiver type before running.
The configured Feishu bot can send files/messages within the permissions granted to the app.
The skill requires Feishu app credentials and bot permissions that allow uploading resources and sending messages, which is expected for its purpose but sensitive.
Requires Feishu App credentials ... FEISHU_APP_ID ... FEISHU_APP_SECRET ... im:message:send_as_bot ... im:resource
Grant only the Feishu permissions needed for this use case, protect the app secret, and rotate it if you suspect unintended use.
