Feishu Media Sending (飞书媒体发送)

Pass. Audited by ClawScan on May 1, 2026.

Overview

This is a coherent Feishu media-sending skill, but it can upload local files and post them to Feishu, so users should verify the file and recipient before use.

This skill appears safe for its stated purpose if you intend the agent to send media through Feishu. Before using it, confirm the target chat or user, check that the selected file or URL is correct, and be especially careful with confidential documents or archives.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A mistaken file path or Feishu recipient could send private media or documents to the wrong chat or user.

Why it was flagged

The skill instructs the agent to use a messaging tool to upload local files to Feishu. This is central to the stated purpose, but sharing the wrong file or target could expose private content.

Skill content

`message action=send channel=feishu filePath=/path/to/file.pdf message="文件说明"`

Recommendation

Before sending, verify the exact file path, remote URL, and Feishu target; prefer explicit user confirmation for sensitive or external recipients.

What this means

The authorized Feishu app or account can post messages and upload files according to those permissions.

Why it was flagged

The skill needs Feishu permissions to send messages and upload resources. These permissions are expected for this integration, but they grant delegated authority in the user's Feishu workspace.

Skill content

The Feishu app requires the `im:message` and `im:resource` permissions

Recommendation

Use the least-privileged Feishu app configuration available and revoke access if the skill is no longer needed.

What this means

Voice conversion or duration detection may fail unless the user has the expected local tools installed.

Why it was flagged

The registry lists no required binaries, while the skill documentation says ffmpeg/ffprobe may be needed. This is a metadata completeness issue, not evidence of hidden behavior.

Skill content

Requires ffmpeg/ffprobe to support voice format conversion and duration detection

Recommendation

Install media tools only from trusted sources and check generated files before sending them.

What this means

Running the examples on the wrong inputs could overwrite an output file or package unintended content.

Why it was flagged

The skill includes local command examples for converting and packaging media. They are user-directed and aligned with the media-sending purpose, but they write local output files.

Skill content

`ffmpeg -i input.mp3 -ar 16000 -ac 1 -acodec libopus output.ogg -y`

Recommendation

Run conversion and archive commands only on intended files, use safe output paths, and inspect archives before sending.