周报月报生成
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is not clearly malicious, but it can mislead users about Feishu document creation and it would use chat history or Feishu account access that should be reviewed.
Review this skill before installing. It appears intended for report generation, but do not rely on Feishu document creation unless the implementation returns a real document link or ID. Also review generated reports carefully, especially if they are based on recent chat history or will be written to Feishu.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You may believe a Feishu report was successfully created or shared when no real document exists.
The only included Feishu document creation function returns a fixed success string rather than making a Feishu API call. Because the skill advertises direct Feishu document output, users could be told a document was created when it was not.
async function createFeishuDoc(content, userId) {
// 调用飞书文档创建
return '文档创建成功';
}Require a real Feishu API implementation, a returned document URL or ID, clear error handling, and user-visible confirmation before relying on this skill for submissions.
Recent chat content could be summarized into a weekly, monthly, or project report.
The skill explicitly says it can use recent conversation history as report input. That can be appropriate for summaries, but it may include private work details and can affect what is written into reports.
**上下文理解**:读取近期对话历史提取工作内容
Review the generated report before sharing it, and prefer explicit instructions about which messages or time range may be used.
If the Feishu integration is completed, the skill may write documents or send notifications through your Feishu workspace.
Creating or updating Feishu documents and sending IM notifications implies delegated Feishu account or workspace authority. This is aligned with the stated purpose, but the metadata does not declare a primary credential or required environment variables.
- 飞书云文档(创建/更新) - 飞书 IM(发送完成通知)
Grant only the minimum Feishu permissions needed, verify the target workspace/folder/recipients, and avoid broad document or messaging scopes.