ClawHub
Back to skill
v1.0.0

feishu-doc-long-content

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 6:02 AM.

Analysis

This is a simple instruction-only skill for creating and writing Feishu Docs in small chunks, with no code or hidden install behavior shown.

GuidanceThis skill appears safe and coherent for its purpose. Before installing or using it, remember that it can guide the agent to create and write persistent Feishu documents; confirm the target account, document token, title, and content, especially if the content is private or business-sensitive.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
```json
{ "action": "create", "title": "笔记 Ch1" }
...
{ "action": "write", "doc_token": "ABC123", "content": "精简版内容..." }
...
{ "action": "read", "doc_token": "ABC123" }
```

The skill instructs use of create, write, and read actions against Feishu Docs. This is exactly the stated purpose, but it can modify persistent documents in a user’s Feishu workspace.

User impactIf invoked on the wrong account or document token, the agent could create or overwrite content in an unintended Feishu document.
RecommendationUse it only when you want the agent to create or update Feishu Docs, and confirm the title, target document token, and content chunks before writing.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityLowConfidenceMediumStatusNote
SKILL.md
飞书文档工具 `feishu_doc` 的 `write` / `create` action

The skill depends on a Feishu document tool that presumably acts with whatever Feishu permissions are available to the user or agent. The artifact does not show credential theft or misuse, but the account authority is relevant to installation decisions.

User impactThe agent may use existing Feishu document permissions to create, read, or write documents.
RecommendationEnsure the Feishu integration has only the permissions needed for the intended workspace and documents.