Feishu Messaging

Pass. Audited by ClawScan on May 1, 2026.

Overview

This is a coherent Feishu messaging guide, but it relies on Feishu bot credentials that can read chat information and send messages or files.

Before installing or using this skill, confirm you are comfortable giving the agent Feishu bot credentials, limit the bot to only the required scopes, and review every recipient, message, and attachment before it is sent.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If these credentials are supplied, the agent can act as the Feishu bot within the granted scopes.

Why it was flagged

The skill requires Feishu app credentials and bot permissions to send messages and read chat/member information. This matches the stated purpose, but it grants meaningful workspace authority.

Skill content

`im:message:send_as_bot`, `im:chat:readonly`, `im:chat.members:read` ... `.app_id("YOUR_APP_ID")` ... `.app_secret("YOUR_APP_SECRET")`

Recommendation

Use a dedicated Feishu app with least-privilege scopes, rotate secrets if exposed, and avoid giving broader tenant permissions than needed.

What this means

A mistaken recipient, message body, or file choice could disclose information to the wrong Feishu user or chat.

Why it was flagged

The documented workflow can send messages and upload local files to Feishu. This is expected for a messaging skill, but these actions are externally visible and may be hard to undo.

Skill content

`client.im.v1.message.create(request)` ... `file = open("飞书20260129-173520.mp4", "rb")` ... `client.im.v1.file.create(request)`

Recommendation

Require clear user approval for recipients, message content, and file paths before sending or uploading through Feishu.