Skill v1.1.4

ClawScan security

schedule-feishu · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 13, 2026, 3:19 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's behavior mostly matches a Feishu scheduling helper, but important implementation details are missing and some instructions ask it to modify shared agent files — that combination is inconsistent and warrants caution.
Guidance
Before installing: (1) Confirm that you already have the feishu-doc skill installed and authorized — this skill relies on that other skill for Feishu API access, but the dependency is not declared in the metadata. (2) Verify where HEARTBETA.md lives in your environment and whether you want this skill to append heartbeat checks to a shared file (this modifies global agent configuration). (3) Review how the Feishu doc token (doc_token) will be provisioned and stored in config.json; storing tokens in a local file has privacy implications. (4) Be comfortable with the skill automatically extracting and persisting your chatId from message context and with it sending the full document URL to you after each update (consider privacy/share settings for that document). If any of these points are unacceptable or unclear, request the publisher to (a) explicitly declare dependencies and required credentials, (b) provide precise locations and permission model for HEARTBETA.md changes, and (c) explain how doc_token is obtained and protected.

Review Dimensions

Purpose & Capability
note: The skill's name/description (Feishu schedule management) aligns with the instructions (create/update a Feishu doc, send reminders). However, the SKILL.md depends on another skill ('feishu-doc') and other tools ('message', 'heartbeat', 'config'), but the registry metadata does not declare these dependencies or required credentials; the dependency is implicit rather than declared.
Instruction Scope
concern: Instructions ask the agent to auto-extract the user's Feishu chatId from message context and persist it in skills/schedule-feishu/config.json (expected), but also instruct appending heartbeat checks to a HEARTBETA.md file — that appears to modify a global/shared agent file (scope creep). The skill also mandates always sending full document URLs after updates, which could leak document links outside intended flows if not carefully scoped.
Install Mechanism
ok: This is an instruction-only skill with no install spec or remote downloads, so there's no installer risk from archives or external URLs.
Credentials
note: No environment variables or credentials are declared in metadata. SKILL.md references a doc_token and expects Feishu app authorization via the 'feishu-doc' dependency — it's plausible the token is managed by that other skill, but the absence of any stated credential requirements (or explicit linking to feishu-doc) is an omission that reduces transparency.
Persistence & Privilege
concern: The skill writes a config.json into skills/schedule-feishu (normal), but it also instructs appending checks to a HEARTBETA.md file (a shared heartbeat configuration). Modifying global agent/heartbeat configuration increases the skill's blast radius and should be made explicit and authorized.