WeChat to Feishu Wiki
Security checks across malware telemetry and agentic risk
Overview
This skill is narrowly designed to copy user-supplied WeChat article content into a user-specified Feishu Wiki. The expected points of caution are the Feishu write permissions and the optional use of Chrome.
This skill appears coherent and purpose-aligned. Before installing or using it, make sure you provide the exact Feishu Wiki target, grant the bot only the minimum needed permissions, and use Chrome/Chrome Relay only when web_fetch cannot retrieve the article content.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the user gives the wrong Wiki link or approves the wrong target, the agent could create pages in an unintended Feishu location.
The skill tells the agent to create a Feishu child page and write content into it. This is purpose-aligned, but it is still a mutation of the user's Feishu workspace.
`feishu_wiki.create` creates a docx child page under the target node. 6. `feishu_doc.write` writes the content in a single pass.
Provide only the intended target Wiki link, review the returned page link, and check batch-import summaries for any failed or misplaced pages.
A bot with broad permissions could modify content in the granted Feishu location if misused or pointed at the wrong target.
The skill expects a Feishu bot to have edit or, if needed, full access to the target knowledge base/document. That delegated authority is expected for writing pages, but full access is broader than simple read-only archiving.
The target knowledge base/document has been granted Bot permissions (at least edit access, full access if necessary).
Grant the minimum Feishu permission needed, restrict it to the specific Wiki/node being used, and avoid full access unless it is truly required.
Browser-based extraction may expose the loaded page/session context used for the archive operation to the agent.
The skill may use the user's Chrome profile for DOM extraction when explicitly requested. The artifacts include safeguards, but using a browser profile can rely on the user's local session context.
If the user explicitly asks to "use my Chrome": prefer `browser` + `profile: "user"`.
Prefer web_fetch when it works; only authorize Chrome or Chrome Relay for the intended WeChat article page and disable/stop the browser attachment when finished.
