飞书文档文件夹摘要生成器
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: feishu-folder-summary Version: 1.0.0 The skill bundle is benign. The `SKILL.md` file clearly outlines the purpose of extracting and summarizing Feishu folder content, using documented `feishu_wiki` and `feishu_doc` API calls for reading data. There are no prompt injection attempts or instructions for the agent to perform malicious actions. The `scripts/summary_generator.py` is a pure utility script for processing text and generating a Markdown report, without any suspicious imports, network calls, file system access beyond standard I/O, or code execution capabilities. All components align with the stated purpose of generating a summary report.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill on a broad Feishu folder could read and summarize every accessible document and subfolder below that link.
The skill intentionally chains Feishu folder traversal with document reads, which is expected for folder summarization but can cover many documents if run on a high-level folder.
Recursively traverses the folder structure using feishu_wiki API ... Reads each document's content using feishu_doc API
Use it only with folder URLs you intend to summarize, and consider asking for confirmation or limiting depth/scope for large or sensitive folders.
The skill may access any documents under the supplied folder that the configured Feishu identity is allowed to read.
Reading Feishu documents requires delegated Feishu access or account permissions; this is purpose-aligned, but the artifacts do not describe which credential or permission scope is used.
feishu_doc action="read" doc_token="{obj_token}"Run it with the least-privileged Feishu account or app permissions suitable for the folder, and avoid using it on folders containing unrelated confidential documents.
Users have less external context for publisher reputation or change history.
The skill does not provide a public source or homepage for provenance, although the supplied artifacts themselves do not show risky install behavior.
Source: unknown; Homepage: none
Review the included files before use and prefer verified sources for workflows that access business documents.