ClawHub
Back to skill
v1.0.0

WeChat to Feishu Wiki

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 7:28 AM.

Analysis

This skill is narrowly designed to copy user-supplied WeChat article content into a user-specified Feishu Wiki, with some expected caution needed around Feishu write permissions and optional Chrome use.

GuidanceThis skill appears coherent and purpose-aligned. Before installing or using it, make sure you provide the exact Feishu Wiki target, grant the bot only the minimum needed permissions, and use Chrome/Chrome Relay only when web_fetch cannot retrieve the article content.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
`feishu_wiki.create` 在目标节点下创建 docx 子页面。
6. `feishu_doc.write` 一次性写入内容。

The skill tells the agent to create a Feishu child page and write content into it. This is purpose-aligned, but it is still a mutation of the user's Feishu workspace.

User impactIf the user gives the wrong Wiki link or approves the wrong target, the agent could create pages in an unintended Feishu location.
RecommendationProvide only the intended target Wiki link, review the returned page link, and check batch-import summaries for any failed or misplaced pages.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityLowConfidenceHighStatusNote
SKILL.md
目标知识库/文档已给 Bot 权限(至少可编辑,必要时 full access)。

The skill expects a Feishu bot to have edit or, if needed, full access to the target knowledge base/document. That delegated authority is expected for writing pages, but full access is broader than simple read-only archiving.

User impactA bot with broad permissions could modify content in the granted Feishu location if misused or pointed at the wrong target.
RecommendationGrant the minimum Feishu permission needed, restrict it to the specific Wiki/node being used, and avoid full access unless it is truly required.
Identity and Privilege Abuse
SeverityMediumConfidenceHighStatusNote
SKILL.md
若用户明确要求“用我的 Chrome”:优先 `browser` + `profile: "user"`。

The skill may use the user's Chrome profile for DOM extraction when explicitly requested. The artifacts include safeguards, but using a browser profile can rely on the user's local session context.

User impactBrowser-based extraction may expose the loaded page/session context used for the archive operation to the agent.
RecommendationPrefer web_fetch when it works; only authorize Chrome or Chrome Relay for the intended WeChat article page and disable/stop the browser attachment when finished.