Skill v1.0.0
ClawScan security
ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Mar 13, 2026, 6:47 AM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill mostly matches a Feishu document read/write helper, but there are unexplained inconsistencies (notably around table creation) and undocumented assumptions about auth and local file access that you should verify before installing.
- Guidance: This instruction-only Feishu document tool is generally coherent, but verify a few things before installing:
  1. Clarify how the skill authenticates to Feishu (what token or platform-provided credential will be used) and ensure the required Feishu app scopes are appropriate.
  2. Ask the publisher to explain the contradiction about table creation: the reference file says tables cannot be created via the API while the SKILL.md provides create_table actions.
  3. Confirm whether the agent will be granted access to local files you might upload (e.g., /tmp/image.png) and that you're comfortable exposing those files.
  4. Test on non-sensitive documents first.
  If the publisher cannot explain the table-creation discrepancy or the auth model, treat the skill as untrusted.
Review Dimensions
- Purpose & Capability (note): The name/description and instructions focus on Feishu doc read/write operations, and the included block-types reference supports that. However, the SKILL.md advertises actions to 'create_table' and 'create_table_with_values' while the references/block-types.md explicitly states table blocks cannot be created via the API (error 1770029). That is a direct capability contradiction and should be clarified.
- Instruction Scope (note): Instructions remain within the scope of manipulating Feishu documents (read, list blocks, update, upload images/files). They do assume access to inbound metadata (sender_id → owner_open_id) and to local filesystem paths (e.g., /tmp/image.png) for uploads; those are not declared but are reasonable platform assumptions. Still, they should be documented (how the agent obtains auth and file access).
- Install Mechanism (ok): Instruction-only skill with no install spec, no binaries, and no code files; lowest install risk.
- Credentials (note): No environment variables or credentials are declared, but the SKILL.md lists required Feishu scopes (docx:document, docx:document:readonly, docx:document.block:convert, drive:drive). The skill does not document how authentication tokens are supplied (app token, user token, or platform-provided context), which is important to confirm. It also expects access to inbound metadata (sender_id).
- Persistence & Privilege (ok): Skill is not forced-always and does not request persistent system-level privileges. Autonomous invocation is enabled by default (normal).
