Feishu Messaging.Bak
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This Feishu messaging skill matches its stated purpose in part, but it embeds undeclared Feishu app credentials and can send messages or read contact details under an unclear app identity.
Do not run the included helper scripts until the publisher removes the hardcoded Feishu secrets, declares the required credentials and the exact Feishu scopes, and explains the metadata mismatch. If you use it anyway, set FEISHU_APP_ID and FEISHU_APP_SECRET to credentials for your own least-privilege Feishu app, and explicitly review every recipient, message, contact lookup, and file upload before it happens.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Messages may be sent using an unknown or publisher-controlled Feishu app identity, and exposed app credentials could be abused or revoked.
The script falls back to embedded Feishu app credentials instead of requiring declared user-provided credentials, then uses them to obtain a tenant access token and send messages.
const APP_ID = process.env.FEISHU_APP_ID || 'cli_a93d0180c0b99cba';
const APP_SECRET = process.env.FEISHU_APP_SECRET || 'KJXQ3hqd...';
Remove hardcoded app secrets, declare FEISHU_APP_ID and FEISHU_APP_SECRET as required credentials, and require users to supply their own least-privilege Feishu app credentials.
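The finding above comes down to one pattern, `process.env.NAME || '<literal>'`, and one fix, refusing to start without user-supplied credentials. The block below is an added example, not code from the skill or its publisher: a small static check that reports that fallback pattern in JavaScript source without echoing the secret, beside the hardened loader that fails closed. The sample source, its app ID and secret are constructed placeholders, and the assumption that Feishu app IDs start with `cli_` is taken from the quoted evidence only.

```javascript
// Added example (not the skill's own code): two checks for the credential
// fallback flagged above.
//   findHardcodedFallbacks(src): a small static check that scans JavaScript
//     source text for `process.env.NAME || '<literal>'` (or `??`) and reports
//     each non-empty literal fallback without echoing the value itself.
//   loadFeishuCredentials(env): the hardened replacement for the fallback,
//     which reads the declared variables and fails closed when they are missing.
// SAMPLE_SOURCE is constructed to mirror the pattern; its IDs and secrets are
// placeholders, not real Feishu credentials.

const FALLBACK_RE =
  /process\.env\.([A-Z0-9_]+)\s*(?:\|\||\?\?)\s*(['"`])([^'"`]*)\2/g;

function findHardcodedFallbacks(source) {
  const findings = [];
  for (const m of source.matchAll(FALLBACK_RE)) {
    const [, name, , literal] = m;
    if (literal.length === 0) continue; // `|| ''` is a harmless default, not a secret
    findings.push({
      name,
      line: source.slice(0, m.index).split('\n').length,
      // Report a length and a short prefix only; never log the literal in full.
      literalLength: literal.length,
      preview: `${literal.slice(0, 4)}...`,
      secretLike: /SECRET|TOKEN|KEY|PASSWORD/.test(name),
    });
  }
  return findings;
}

const REQUIRED_CREDENTIALS = ['FEISHU_APP_ID', 'FEISHU_APP_SECRET'];

function loadFeishuCredentials(env) {
  const missing = REQUIRED_CREDENTIALS.filter(
    (name) => typeof env[name] !== 'string' || env[name].trim() === '',
  );
  if (missing.length > 0) {
    throw new Error(
      `Missing required Feishu credentials: ${missing.join(', ')}. ` +
        'Set them to your own least-privilege Feishu app; there is no built-in fallback.',
    );
  }
  // Assumption: Feishu app IDs carry a "cli_" prefix, as in the quoted evidence.
  if (!/^cli_[a-z0-9]+$/.test(env.FEISHU_APP_ID)) {
    throw new Error('FEISHU_APP_ID does not look like a Feishu app ID (expected cli_...)');
  }
  return { appId: env.FEISHU_APP_ID, appSecret: env.FEISHU_APP_SECRET };
}

// Constructed sample of the flagged pattern (placeholder values).
const SAMPLE_SOURCE = [
  "const APP_ID = process.env.FEISHU_APP_ID || 'cli_exampleappid00';",
  "const APP_SECRET = process.env.FEISHU_APP_SECRET || 'ExamplePlaceholderSecret';",
  "const REGION = process.env.FEISHU_REGION || '';",
].join('\n');

if (typeof require !== 'undefined' && require.main === module) {
  for (const f of findHardcodedFallbacks(SAMPLE_SOURCE)) {
    console.log(`line ${f.line}: ${f.name} falls back to a ${f.literalLength}-char literal` +
      `${f.secretLike ? ' (secret-like)' : ''}`);
  }
  try {
    loadFeishuCredentials({}); // no env set: the helper must refuse to start
  } catch (e) {
    console.log(`loader refused: ${e.message}`);
  }
}
```

The regex check is deliberately narrow: it only flags a non-empty string literal used as the fallback, so `|| ''` and `|| undefined` are not reported, and the secret value never reaches the log, only its length and first four characters. The loader treats an empty or whitespace-only variable the same as a missing one, which is the case that silently triggers the original script's fallback.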
Running the helper may expose organization directory information such as email addresses, phone numbers, employee numbers, and departments beyond what a user expects for simple message sending.
The script searches the Feishu contact directory and prints personal contact details, while the documented permission table focuses on messaging, chats, and chat members.
path: `/open-apis/contact/v3/users/search?...name=${encodeURIComponent(name)}...`; console.log(` 邮箱:${details.email || 'N/A'}`); console.log(` 手机:${details.mobile || 'N/A'}`); (the printed labels 邮箱 and 手机 mean "email" and "mobile")
Clearly document the exact contact-directory scopes used, minimize returned fields, and require explicit user approval before looking up or displaying personal contact details.
If invoked with the wrong recipient or content, the agent could send unintended messages into Feishu.
Sending messages as a bot is central to the skill's purpose, but it is still a third-party account action that can affect real Feishu conversations.
| Send text message | ✅ Available | `im:message:send_as_bot` | (row from the skill's permission table, translated from Chinese)
Confirm the recipient, message body, and bot/app identity before sending any Feishu message.
The package may be a stale, repackaged, or copied variant, making it harder to verify who owns the Feishu credentials and code.
The embedded metadata conflicts with the supplied registry listing, which names the skill feishu-messaging-bak at version 1.0.0 with a different owner ID.
"ownerId": "kn7bsdhpz7e3pyqbbtabcswgp980ncty", "slug": "feishu-messaging", "version": "0.0.3"
Ask the publisher to align registry and package metadata, identify the source repository, and explain ownership of the embedded Feishu app before use.
