Feishu Messaging.Bak2
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is mostly aligned with Feishu messaging, but its scripts embed Feishu app secrets and can use tenant-level access to read contacts and send messages without declaring those credentials.
Review this skill carefully before use. Do not rely on the embedded Feishu credentials; ask the publisher to remove and rotate them, declare required credentials, and document the exact Feishu scopes. If you use it, confirm every recipient and message before sending and avoid unnecessary contact-directory lookups.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone running the helper may use the embedded Feishu app identity rather than their own configured app, and the exposed secret could be abused if still valid.
The script embeds a Feishu app credential fallback and uses it to mint a tenant_access_token, while the registry declares no credential requirement; high-impact account authority is therefore exercised without being disclosed.
const APP_ID = process.env.FEISHU_APP_ID || 'cli_a93d0180c0b99cba';
const APP_SECRET = process.env.FEISHU_APP_SECRET || 'KJXQ3hqdRerY...';
...
path: '/open-apis/auth/v3/tenant_access_token/internal'
Remove hardcoded app secrets, rotate the exposed Feishu credential, declare FEISHU_APP_ID and FEISHU_APP_SECRET as required credentials, and use least-privileged app permissions.
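Two pieces of the remediation above, as an added example that is not the skill's own code nor part of ClawScan: a scanner that flags the `process.env.NAME || 'literal'` fallback pattern in script source (redacting the literal so the report itself does not republish a secret), and a credential loader that fails closed instead of falling back to an embedded identity. The sample source and the placeholder literals in it are constructed for the example.

```javascript
// Added example (not the skill's own code): detect hardcoded credential
// fallbacks in a Node script and load Feishu credentials without one.

// Matches `process.env.NAME || 'literal'` and `process.env.NAME ?? "literal"`.
// Empty-string fallbacks are ignored: they grant nothing, a real literal does.
const FALLBACK_RE =
  /process\.env\.([A-Za-z_][A-Za-z0-9_]*)\s*(?:\|\||\?\?)\s*(['"`])([^'"`]+)\2/g;

// One finding per literal fallback. The literal is reduced to a length and a
// four-character preview so the scanner output never carries the full secret.
function findHardcodedFallbacks(source) {
  const findings = [];
  for (const m of source.matchAll(FALLBACK_RE)) {
    const [, name, , literal] = m;
    findings.push({
      name,
      literalLength: literal.length,
      preview: literal.slice(0, 4) + '...',
      line: source.slice(0, m.index).split('\n').length,
    });
  }
  return findings;
}

// Hardened loader: refuse to run when a required variable is absent instead
// of silently minting tokens under somebody else's app identity.
function loadFeishuCredentials(env) {
  const required = ['FEISHU_APP_ID', 'FEISHU_APP_SECRET'];
  const missing = required.filter((k) => typeof env[k] !== 'string' || env[k].trim() === '');
  if (missing.length > 0) {
    throw new Error(`Missing required Feishu credentials: ${missing.join(', ')}`);
  }
  return { appId: env.FEISHU_APP_ID, appSecret: env.FEISHU_APP_SECRET };
}

// Constructed sample mirroring the flagged pattern; both literals are placeholders.
const SAMPLE_SOURCE = `
const APP_ID = process.env.FEISHU_APP_ID || 'cli_example00000000';
const APP_SECRET = process.env.FEISHU_APP_SECRET || "placeholder-secret-value";
const LOG_LEVEL = process.env.LOG_LEVEL || '';
`;

console.log(findHardcodedFallbacks(SAMPLE_SOURCE));
```

Run the scanner over every script shipped with a skill before installing it; a finding whose `name` ends in `SECRET`, `TOKEN` or `KEY` is the case to escalate, and the literal itself should be treated as already exposed and rotated regardless of whether the env override is set.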
A user or agent could unintentionally query and display personal Feishu directory data.
The user-search helper defaults to a named person when no argument is supplied and prints personal directory fields such as email and mobile number, which is broader than simply obtaining an open_id for messaging.
const searchName = process.argv[2] || '尹为';
...
console.log(` 邮箱:${details.email || 'N/A'}`);
console.log(` 手机:${details.mobile || 'N/A'}`);
Require an explicit search term, remove real-person defaults, minimize displayed fields to what is needed for messaging, and document the contact-directory permissions used.
Messages may be sent from the Feishu app if the agent runs the script with a recipient ID.
The helper can send Feishu messages to a caller-supplied recipient ID; this is expected for the skill, but it is still an external account mutation.
path: `/open-apis/im/v1/messages?receive_id_type=${receiveIdType}`, method: 'POST'
...
const receiveId = process.argv[2];
Only send after the user confirms the recipient, message content, and app identity being used.
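The two remediations above (an explicit, minimized directory lookup, and a send gated on confirmation of recipient, content and app identity) as one added example. This is not the skill's code: the directory is an in-memory constructed stand-in for the Feishu contact search, `transport` is an injected stand-in for the HTTP call, and the request body shape (`receive_id`, `msg_type`, `content`) follows Feishu's IM v1 text-message format as documented, which you should check against the current API reference.

```javascript
// Added example (not the skill's own code): resolve a recipient to an open_id
// exposing nothing else, then send only after an explicit confirmation that
// names the recipient, the text and the app identity that will be used.

// `lookup(term)` stands in for the contact search; it returns directory records.
function resolveOpenId(searchTerm, lookup) {
  if (typeof searchTerm !== 'string' || searchTerm.trim() === '') {
    throw new Error('A search term is required; there is no default recipient');
  }
  const matches = lookup(searchTerm.trim());
  if (matches.length !== 1) {
    throw new Error(`Expected exactly one directory match, got ${matches.length}`);
  }
  // Return only what messaging needs; email, mobile, etc. stay in the directory.
  return { name: matches[0].name, openId: matches[0].open_id };
}

// Builds the IM v1 create-message request. The receive_id_type values are the
// ones Feishu documents (assumption: verify against the current docs).
function buildSendRequest({ appId, receiveId, receiveIdType, text }) {
  const allowed = new Set(['open_id', 'user_id', 'union_id', 'email', 'chat_id']);
  if (!allowed.has(receiveIdType)) throw new Error(`Bad receive_id_type: ${receiveIdType}`);
  return {
    method: 'POST',
    path: `/open-apis/im/v1/messages?receive_id_type=${encodeURIComponent(receiveIdType)}`,
    appId,
    body: { receive_id: receiveId, msg_type: 'text', content: JSON.stringify({ text }) },
  };
}

// `confirm` is the human prompt or agent policy; it sees exactly what will be
// sent and under which app. `transport` performs the HTTP call (injected here).
async function sendWithConfirmation(req, confirm, transport) {
  const approved = await confirm({
    recipient: req.body.receive_id,
    text: JSON.parse(req.body.content).text,
    appId: req.appId,
  });
  if (!approved) return { sent: false, reason: 'not confirmed' };
  return { sent: true, response: await transport(req) };
}

// Constructed directory; names, IDs and contact fields are placeholders.
const DIRECTORY = [
  { name: 'Alice Example', open_id: 'ou_example_alice', email: 'alice@example.invalid', mobile: '+10000000000' },
  { name: 'Bob Example', open_id: 'ou_example_bob', email: 'bob@example.invalid', mobile: '+10000000001' },
];
const lookupByName = (term) =>
  DIRECTORY.filter((p) => p.name.toLowerCase().includes(term.toLowerCase()));
```

Rejecting anything other than exactly one match matters as much as dropping the default: a substring search that silently picks the first of several hits is how a message lands with the wrong person.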
Users may have difficulty verifying which package, owner, or version they are actually reviewing.
The internal metadata does not match the supplied registry identity for feishu-messaging-bak2 version 1.0.0, creating a provenance and packaging ambiguity.
"ownerId": "kn7bsdhpz7e3pyqbbtabcswgp980ncty", "slug": "feishu-messaging", "version": "0.0.3"
Reconcile the registry metadata, SKILL frontmatter, and _meta.json before publishing or installing.
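The reconciliation step above, as an added example that is neither ClawScan's nor the skill's code: read the flat `key: value` frontmatter from SKILL.md, normalise it together with the registry record and `_meta.json`, and list every field on which the sources disagree. The values come from the finding above; the SKILL.md content is constructed, and the assumption that the frontmatter carries `name` and `version` keys is mine.

```javascript
// Added example (not ClawScan's or the skill's code): compare the identity a
// registry advertises with the SKILL.md frontmatter and _meta.json of the
// artifact actually being installed, and report each field that disagrees.

// Minimal frontmatter reader: the block between the leading `---` lines,
// parsed as flat `key: value` pairs (nested YAML is out of scope here).
function parseFrontmatter(skillMd) {
  const m = /^---\r?\n([\s\S]*?)\r?\n---/.exec(skillMd);
  if (!m) return {};
  const out = {};
  for (const line of m[1].split(/\r?\n/)) {
    const idx = line.indexOf(':');
    if (idx === -1) continue;
    const key = line.slice(0, idx).trim();
    const value = line.slice(idx + 1).trim().replace(/^["']|["']$/g, '');
    if (key) out[key] = value;
  }
  return out;
}

// Map each source onto the registry's field names. _meta.json fields are the
// ones quoted in the finding; `name`/`owner` as frontmatter keys are an assumption.
function normalise(src) {
  return {
    slug: src.slug ?? src.name,
    version: src.version,
    ownerId: src.ownerId ?? src.owner,
  };
}

// Returns [] only when every field carried by two or more sources agrees.
// A field present in a single source cannot be cross-checked and is not reported.
function checkProvenance({ registry, frontmatter, meta }) {
  const views = {
    registry: normalise(registry),
    frontmatter: normalise(frontmatter),
    meta: normalise(meta),
  };
  const mismatches = [];
  for (const field of ['slug', 'version', 'ownerId']) {
    const seen = Object.entries(views)
      .filter(([, v]) => v[field] !== undefined)
      .map(([src, v]) => [src, v[field]]);
    const distinct = new Set(seen.map(([, v]) => v));
    if (distinct.size > 1) mismatches.push({ field, values: Object.fromEntries(seen) });
  }
  return mismatches;
}

// Constructed inputs using the identifiers quoted in the finding above.
const REGISTRY = { slug: 'feishu-messaging-bak2', version: '1.0.0' };
const META = { ownerId: 'kn7bsdhpz7e3pyqbbtabcswgp980ncty', slug: 'feishu-messaging', version: '0.0.3' };
const SKILL_MD = `---
name: feishu-messaging
version: 0.0.3
---
# Feishu Messaging
`;

console.log(checkProvenance({ registry: REGISTRY, frontmatter: parseFrontmatter(SKILL_MD), meta: META }));
```

Run this against the downloaded artifact, not against what the registry page displays; the point of the check is that the two can differ, and a non-empty result should block installation until the publisher explains which identity is the real one.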
