Skill v1.0.3
ClawScan security
feishu-doc-reviewer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review: Mar 15, 2026, 11:10 AM
- Verdict: Review
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's behavior (it reads and writes Feishu documents and requires Feishu credentials) matches its description, but the package/registry metadata omits the required environment variables, and the skill runs code that can modify documents. The metadata mismatch and the write capability warrant caution.
- Guidance: This skill appears to do what it claims (read comments and modify Feishu docs) and includes the code to do so. However: (1) The package/registry metadata omits required environment variables; you must provide FEISHU_APP_ID and FEISHU_APP_SECRET (and optionally FEISHU_BASE_URL) in a .env file or in the environment for it to work. (2) Once given valid credentials, the skill can modify and delete document content and post replies; use a dedicated app with the minimum permissions needed, and add the app only to documents you trust. (3) Review the code yourself (feishu_api.py, process_comment.py, mcp_server.py) before running it; running the MCP server gives the agent programmatic write access. (4) Prefer an app with a limited scope/tenant and test on non-production documents first. The metadata omission points to sloppy packaging (or incomplete registry data) rather than overt malice, but proceed cautiously.
Review Dimensions
- Purpose & Capability
- note: The name/description (Feishu doc read/write, comment handling, delete/modify blocks) aligns with the included code (feishu_api, comment processors, MCP server). However, the registry metadata lists no required env vars or primary credential, while the code clearly requires FEISHU_APP_ID and FEISHU_APP_SECRET to function. This is a mismatch between the declared requirements and the actual needs.
- Instruction Scope
- ok: SKILL.md and the scripts consistently instruct the agent to fetch comments, read block content, update/delete text, and reply to and resolve comments via the Feishu API. The runtime instructions and code reference only Feishu APIs and the local .env config; they do not attempt to read unrelated system paths or exfiltrate to third-party endpoints. The instructions do require running a local MCP server or CLI, which gives the agent the ability to perform write operations on documents programmatically.
- Install Mechanism
- ok: There is no network download/install of arbitrary binaries. Dependencies are standard Python packages listed in requirements.txt (requests, python-dotenv, mcp). The skill is instructions plus code only and installs those dependencies with pip; no high-risk install URLs or extracted archives were detected.
- Credentials
- concern: The skill needs Feishu credentials (FEISHU_APP_ID and FEISHU_APP_SECRET) and optionally FEISHU_BASE_URL in .env to obtain a tenant_access_token and act on documents. The registry metadata incorrectly lists no required env vars or primary credential; this omission is misleading. The requested secrets are necessary for the described functionality, but the metadata mismatch and the presence of a .env file in the repo are concerning from an operational and visibility standpoint.
- Persistence & Privilege
- note: always:false (good). The skill exposes autonomously invocable tools (MCP) that can perform destructive write operations (update/delete block, delete selected text) once given credentials. Autonomous invocation is normal for skills, but because these tools modify user documents, the operator should use least-privilege credentials and require explicit confirmation before the agent performs write actions.
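The Credentials and Purpose & Capability findings above both come down to one check: which environment variables the code actually reads versus which the registry metadata declares. The audit below is an added example, not ClawScan's scanner and not the skill's code. It greps Python sources for `os.environ[...]`, `os.environ.get(...)` and `os.getenv(...)` accesses, parses any .env file shipped in the package, and reports the gap in both directions. The sample sources and .env are constructed to mirror the pattern the review describes, and the empty `DECLARED_BY_REGISTRY` set stands in for registry metadata that lists no env vars; `audit_skill_dir` runs the same check over a real unpacked skill directory.

```python
"""Declared-vs-used environment variable audit for a packaged skill (added example;
the sample sources below are constructed, not the skill's real files)."""
from __future__ import annotations

import re
from pathlib import Path
from typing import Iterable, Optional

# Common ways Python code reads an environment variable. Only upper-case names
# are captured, which is the convention the review's FEISHU_* variables follow.
_NAME = r"""["']([A-Z][A-Z0-9_]*)["']"""
ENV_ACCESS_PATTERNS = [
    re.compile(r"os\.environ\[\s*" + _NAME + r"\s*\]"),
    re.compile(r"os\.environ\.get\(\s*" + _NAME),
    re.compile(r"os\.getenv\(\s*" + _NAME),
]
# KEY=value lines in a .env file (python-dotenv style); comment lines do not match.
DOTENV_LINE = re.compile(r"^\s*(?:export\s+)?([A-Z][A-Z0-9_]*)\s*=")


def env_vars_in_source(text: str) -> set[str]:
    """Names the code reads via os.environ[...], os.environ.get or os.getenv."""
    found: set[str] = set()
    for pattern in ENV_ACCESS_PATTERNS:
        found.update(pattern.findall(text))
    return found


def env_vars_in_dotenv(text: str) -> set[str]:
    """Names assigned in a .env file; a committed .env means secrets in the package."""
    return {m.group(1) for line in text.splitlines() if (m := DOTENV_LINE.match(line))}


def audit(declared: Iterable[str], sources: dict[str, str],
          dotenv: Optional[str] = None) -> dict[str, list[str]]:
    """Compare metadata-declared env vars with what the code actually reads."""
    declared_set = set(declared)
    used: set[str] = set()
    for text in sources.values():
        used |= env_vars_in_source(text)
    committed = env_vars_in_dotenv(dotenv) if dotenv is not None else set()
    return {
        "undeclared": sorted(used - declared_set),   # code needs it, metadata is silent
        "unused": sorted(declared_set - used),       # metadata claims it, code never reads it
        "secrets_in_repo": sorted(committed),        # assigned in a .env shipped with the skill
    }


def audit_skill_dir(root: Path, declared: Iterable[str]) -> dict[str, list[str]]:
    """Run the audit over a real unpacked skill directory."""
    sources = {str(p): p.read_text(encoding="utf-8", errors="replace") for p in root.rglob("*.py")}
    dotenv_path = root / ".env"
    dotenv = dotenv_path.read_text(encoding="utf-8", errors="replace") if dotenv_path.is_file() else None
    return audit(declared, sources, dotenv)


# Constructed sample mirroring the review: the code reads three FEISHU_* variables,
# a .env holding the two secrets sits in the package, and the registry declares nothing.
SAMPLE_SOURCES = {
    "feishu_api.py": (
        "import os\n"
        "from dotenv import load_dotenv\n"
        "load_dotenv()\n"
        'APP_ID = os.environ["FEISHU_APP_ID"]\n'
        "APP_SECRET = os.environ.get('FEISHU_APP_SECRET')\n"
        'BASE_URL = os.getenv("FEISHU_BASE_URL")\n'
    ),
}
SAMPLE_DOTENV = "# local config\nFEISHU_APP_ID=cli_placeholder\nexport FEISHU_APP_SECRET=placeholder\n"
DECLARED_BY_REGISTRY: set[str] = set()


if __name__ == "__main__":
    report = audit(DECLARED_BY_REGISTRY, SAMPLE_SOURCES, SAMPLE_DOTENV)
    for key, names in report.items():
        print(f"{key}: {', '.join(names) or '-'}")
```

Any name under `undeclared` is a requirement the registry hides from the installer; anything under `secrets_in_repo` should be rotated, since a .env that reached the package has already been shared with everyone who downloaded it. The regexes catch the direct access patterns only, so code that builds variable names dynamically or reads a config file populated from the environment needs a manual look.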
