Feishu Messaging.Bak2
Warn. Audited by ClawScan on May 10, 2026.
Overview
This Feishu messaging skill is related to its stated purpose, but it embeds Feishu app credentials and can access or display contact details without clearly declaring that authority.
Do not install or run this skill until the Feishu app credentials are removed or replaced with your own declared credentials, the required Feishu permissions are documented, and you are comfortable with the contact data and message-sending actions it can perform.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your agent could send messages or access Feishu resources using embedded app credentials rather than credentials you explicitly configured.
The script contains a real-looking Feishu app ID/secret and uses it to obtain a tenant access token, creating undeclared delegated account authority.
const APP_ID = 'cli_a93d751f19395cc1';
const APP_SECRET = 'KJXQ3...';
path: '/open-apis/auth/v3/tenant_access_token/internal'
Remove hardcoded secrets, require user-provided Feishu credentials or OAuth, declare the required permissions, and avoid running this skill until the credential source is clear.
Feishu directory information such as email, mobile number, and department may be exposed in tool output beyond what is needed to send a message.
The user-search script retrieves and prints personal contact details, which can enter agent logs or conversation context.
console.log(` 邮箱:${details.email || 'N/A'}`);
console.log(` 手机:${details.mobile || 'N/A'}`);
console.log(` 部门:${details.department_ids ? details.department_ids.join(', ') : 'N/A'}`);
Limit returned fields to what is necessary for recipient disambiguation, disclose contact-data handling, and ask before displaying personal details.
A user may install the skill believing it has no credential or account-access requirements, while it actually performs authenticated Feishu API calls.
The registry metadata says no credentials are required, but the source code uses Feishu app credentials and tenant access tokens.
Required env vars: none
Env var declarations: none
Primary credential: none
Update metadata and SKILL.md to accurately list credentials, permissions, APIs used, and the source of any app identity.
If invoked with the wrong recipient or content, the agent can send unintended Feishu messages.
The script sends a real Feishu message to a recipient ID supplied on the command line, which is expected for the skill but still a high-impact action.
const receiveId = process.argv[2];
path: `/open-apis/im/v1/messages?receive_id_type=${receiveIdType}`,
method: 'POST'
Confirm recipient, content, and credential identity before sending messages, especially in shared or production Feishu workspaces.
It is hard to tell whether this package is the intended version or a copied/backup variant.
The embedded metadata differs from the registry metadata for owner, slug, and version, creating provenance ambiguity.
"ownerId": "kn7bsdhpz7e3pyqbbtabcswgp980ncty", "slug": "feishu-messaging", "version": "0.0.3"
Verify the publisher and reconcile the package metadata before trusting the included scripts or credentials.
