Feishu Doc Block Writer

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The listing describes an image-generation skill, but the included instructions are for automatically creating Feishu documents using scripts that are not included for review.

Install only if you specifically want a Feishu document-writing skill, not an image generator. Before using it, verify the missing scripts, correct the registry description, require explicit confirmation for every document write, and use a limited Feishu account/folder.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI09: Human-Agent Trust Exploitation
Medium
What this means

You might install or invoke it expecting image generation, while it is designed to create and write Feishu documents.

Why it was flagged

This registry-facing description conflicts with SKILL.md, which describes Feishu document creation and block writing. Users or agents could trust the listing and invoke a capability different from what the skill instructions actually do.

Skill content
Description: Generate/edit images with Nano Banana Pro (Gemini 3 Pro Image).
Recommendation

Do not install until the listing description and the skill contents are made consistent.

ASI02: Tool Misuse and Exploitation
Medium
What this means

Long replies or Mermaid content could lead to unintended Feishu documents being created or populated.

Why it was flagged

The skill tells the agent to automatically trigger on broad conditions and then create/append Feishu document content. That can mutate an external workspace even when the user did not explicitly ask to create a document.

Skill content
Auto-trigger: - content exceeds 500 characters ... - reply exceeds 200 characters (200-character rule) - contains a Mermaid diagram ... Core principle: use `create` to create an empty document; use `append` to append content block by block
Recommendation

Require explicit user confirmation before creating or appending any Feishu document, and narrow automatic triggers to direct document-creation requests only.

ASI04: Agentic Supply Chain Vulnerabilities
Medium
What this means

The skill may fail, or worse, the agent may run a local script that was not supplied or reviewed with this package.

Why it was flagged

The instructions reference runnable scripts such as block-writer.py and create-doc-template.py, but those scripts are not included in the reviewed package. Any execution would depend on missing or local unreviewed code.

Skill content
No code files present — this is an instruction-only skill. File manifest: QUICK-REFERENCE.md, skill.json, SKILL.md, TEST-REPORT.md
Recommendation

Publish the referenced scripts with the skill, add an install spec, and ensure all executable code is reviewed before use.

ASI03: Identity and Privilege Abuse
Low
What this means

The skill can create and write documents in the Feishu workspace associated with the configured tool or account.

Why it was flagged

Using Feishu account/workspace authority is expected for a Feishu document writer, but the registry requirements declare no primary credential or capability tags, so users need to verify what account and permissions will be used.

Skill content
Feishu credentials (optional) ... call feishu_doc to create an empty document ... append content block by block
Recommendation

Use a least-privileged Feishu account, confirm the target tenant/folder before each write, and document the credential requirements in metadata.

ASI06: Memory and Context Poisoning
Low
What this means

Feishu document references may persist locally and could be reused in later agent tasks.

Why it was flagged

The recommended template describes persistent memory logging. This is related to archive tracking, but it may retain document links, folder tokens, titles, or other metadata for later context.

Skill content
Automatically write an archive record to memory/YYYY-MM-DD.md
Recommendation

Confirm what is written to memory, avoid logging sensitive document details, and provide a clear cleanup or opt-out option.