飞书增强套件 (Feishu Enhancement Suite)
Review: Audited by ClawScan on May 18, 2026.
Overview
This appears to be a legitimate Feishu automation helper, but it requests powerful Feishu app credentials and token access without declaring or clearly bounding that authority.
Review before installing. Use a least-privilege Feishu app, do not put App Secret values in TOOLS.md or other prompt/context files, configure credentials securely, and require confirmation before sending messages or performing bulk table changes.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If configured, the agent may gain Feishu app-level access capable of sending messages or changing workspace data within the app's permissions, and raw tokens could appear in logs or chat context.
The helper reads a Feishu app secret and emits a tenant access token, while the supplied registry metadata declares no required environment variables or primary credential. This is powerful workspace authority that is not clearly declared or bounded.
local app_secret="${FEISHU_APP_SECRET}" ... echo "$response" | jq -r '.tenant_access_token'
Declare the credential requirements, keep the app secret in a secure secret store or environment variables rather than prompt files, avoid exposing raw tenant tokens, and grant the Feishu app only the minimum scopes needed.
A mistaken or overly broad request could create incorrect business records or send messages to unintended recipients.
The included helper can batch-create Feishu table records and send Feishu messages. These operations match the stated automation purpose, but they are high-impact actions if invoked with the wrong target or content.
records/batch_create ... send_message() ... /open-apis/im/v1/messages
Require explicit user confirmation for bulk record operations and message sends, including recipient IDs, table IDs, record counts, and final content.
