Feishu Advanced Builder

Advisory. Audited by static analysis on May 10, 2026.

Overview

Detected: suspicious.env_credential_access


Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone who can see the command output holds a bearer token that grants temporary Feishu app access within the app's granted scopes until the token expires.

Why it was flagged

The helper command can print a Feishu tenant access token to stdout. Agent transcripts, terminal logs, or shared run output could capture this token, and SKILL.md does not warn users about this token exposure.

Skill content
print({ ok: true, tenantAccessToken: token });
Recommendation

Avoid printing tenant tokens by default. Mask the value, require an explicit debug-only request, and keep tokens out of chat, logs, and shared terminal output.
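One way to apply that recommendation, as an added example that is not the skill's own code: the helper still obtains a tenant access token, but what it prints is a masked preview unless the operator passes an explicit flag. The function names, the `--reveal-token` flag and the fake fetch response are assumptions made for this illustration; the request shape matches Feishu's `auth/v3/tenant_access_token/internal` endpoint.

```javascript
// Added example, not code from the Feishu Advanced Builder skill: fetch a
// tenant access token but print only a masked preview unless the operator
// passes --reveal-token. Function names, the flag and the fake fetch are
// assumptions made for this illustration.

// Show just enough of the secret to confirm which credential was issued.
function maskToken(token) {
  if (typeof token !== 'string' || token.length === 0) return '<empty>';
  if (token.length <= 8) return '*'.repeat(token.length);
  return `${token.slice(0, 4)}...${token.slice(-4)} (${token.length} chars)`;
}

// Opt-in must be explicit on the command line so it is visible in the very
// transcript that would capture the token.
function wantsRevealedToken(argv) {
  return argv.includes('--reveal-token');
}

// Shape the object that gets printed. The full token is included only when
// reveal is true; otherwise callers still see success and expiry.
function describeTokenResult(tokenResponse, { reveal = false } = {}) {
  const { tenant_access_token: token, expire } = tokenResponse;
  return {
    ok: true,
    tenantAccessToken: reveal ? token : maskToken(token),
    revealed: reveal,
    expiresInSeconds: expire,
  };
}

// POST app_id/app_secret to the tenant_access_token/internal endpoint.
// fetchImpl is injected so this runs offline against the fake below.
async function getTenantAccessToken({ appId, appSecret, baseUrl, fetchImpl }) {
  const res = await fetchImpl(`${baseUrl}/auth/v3/tenant_access_token/internal`, {
    method: 'POST',
    headers: { 'Content-Type': 'application/json; charset=utf-8' },
    body: JSON.stringify({ app_id: appId, app_secret: appSecret }),
  });
  const data = await res.json();
  if (data.code !== 0) throw new Error(`Feishu auth failed: ${data.code} ${data.msg}`);
  return data;
}

// Constructed fake of the Feishu response; no network is used.
const fakeFetch = async () => ({
  json: async () => ({ code: 0, msg: 'ok', tenant_access_token: 't-0123456789abcdef', expire: 7200 }),
});

// Stand-alone demo: masked by default, full token only with --reveal-token.
getTenantAccessToken({
  appId: 'cli_demo', appSecret: 'demo-secret',
  baseUrl: 'https://open.feishu.cn/open-apis', fetchImpl: fakeFetch,
}).then((resp) => {
  console.log(JSON.stringify(describeTokenResult(resp, { reveal: wantsRevealedToken(process.argv) })));
});
```

Run it plainly and the output contains only `t-01...cdef (18 chars)`; run it with `--reveal-token` and the full value appears, with `revealed: true` recorded alongside it so a later reader of the transcript knows a secret was deliberately disclosed.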

What this means

If the environment variable is set incorrectly or by an untrusted party, the Feishu app secret could be sent somewhere other than Feishu.

Why it was flagged

The app ID and app secret are posted to a base URL controlled by an undocumented environment variable. The default is Feishu, but an unexpected FEISHU_BASE_URL value would redirect credential submission.

Skill content
const BASE_URL = process.env.FEISHU_BASE_URL || 'https://open.feishu.cn/open-apis'; ... body: { app_id: APP_ID, app_secret: APP_SECRET }
Recommendation

Pin or validate the Feishu API host, document FEISHU_BASE_URL if it is supported, and warn users not to override it unless they control the endpoint.
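As an added example (not the skill's own code), the override can be kept while making it safe: the base URL is parsed, required to be HTTPS, and checked against a small allowlist of Feishu/Lark API hosts, with any other host requiring the operator to name it a second time. The allowlist, the `FEISHU_ALLOW_CUSTOM_HOST` opt-in variable and the function names are assumptions made for this illustration.

```javascript
// Added example, not code from the Feishu Advanced Builder skill: resolve the
// API base URL from FEISHU_BASE_URL but refuse hosts that are not known
// Feishu/Lark endpoints over HTTPS, so a stray or hostile environment variable
// cannot redirect the app secret. The allowlist, the FEISHU_ALLOW_CUSTOM_HOST
// opt-in and the function names are assumptions made for this illustration.

const DEFAULT_BASE_URL = 'https://open.feishu.cn/open-apis';

// Hosts the credentials may be posted to without further confirmation.
const ALLOWED_HOSTS = new Set(['open.feishu.cn', 'open.larksuite.com']);

function resolveBaseUrl(env = process.env) {
  const raw = env.FEISHU_BASE_URL;
  if (raw === undefined || raw === '') return DEFAULT_BASE_URL;

  let url;
  try {
    url = new URL(raw);
  } catch {
    throw new Error(`FEISHU_BASE_URL is not a valid URL: ${JSON.stringify(raw)}`);
  }
  // Plain http would expose app_id/app_secret on the wire.
  if (url.protocol !== 'https:') {
    throw new Error(`FEISHU_BASE_URL must use https, got ${url.protocol}`);
  }
  // Credentials embedded in the URL would be sent with every request.
  if (url.username || url.password) {
    throw new Error('FEISHU_BASE_URL must not contain userinfo');
  }
  // Overriding the host requires naming it a second time, so one stray
  // variable cannot redirect the credential submission on its own.
  const customHost = env.FEISHU_ALLOW_CUSTOM_HOST;
  if (!ALLOWED_HOSTS.has(url.hostname) && customHost !== url.hostname) {
    throw new Error(
      `FEISHU_BASE_URL host ${url.hostname} is not a known Feishu host; ` +
      `set FEISHU_ALLOW_CUSTOM_HOST=${url.hostname} only if you control that endpoint`,
    );
  }
  // Drop query, fragment and trailing slashes so later path joins are predictable.
  return `${url.origin}${url.pathname.replace(/\/+$/, '')}`;
}

// The credential POST built against the validated base. Returns the request
// instead of sending it so the destination can be inspected before anything
// leaves the machine.
function buildAuthRequest(env, appId, appSecret) {
  return {
    url: `${resolveBaseUrl(env)}/auth/v3/tenant_access_token/internal`,
    method: 'POST',
    headers: { 'Content-Type': 'application/json; charset=utf-8' },
    body: JSON.stringify({ app_id: appId, app_secret: appSecret }),
  };
}

// Stand-alone demo over constructed environments (no network involved).
for (const demoEnv of [
  {},
  { FEISHU_BASE_URL: 'https://open.larksuite.com/open-apis/' },
  { FEISHU_BASE_URL: 'https://collector.example.net/open-apis' },
]) {
  try {
    console.log('ok   ', buildAuthRequest(demoEnv, 'cli_demo', 'demo-secret').url);
  } catch (err) {
    console.log('block', err.message);
  }
}
```

The third constructed environment is the case the finding describes: a `FEISHU_BASE_URL` pointing somewhere other than Feishu. With the check in place the app secret is never serialised into a request for that host; the script stops with an error that names the variable to set if the override is genuinely intended.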

What this means

Using the skill can create or change Feishu workspace content, including documents, whiteboards, and tables.

Why it was flagged

The skill explicitly states that it directly modifies Feishu document blocks and data records. This is aligned with the stated purpose, but it is still a meaningful mutation capability.

Skill content
It directly manipulates Feishu's underlying atomic blocks (Block) and data row records. (Translated from the original Chinese.)
Recommendation

Use it only with the intended Feishu app, verify target document/table IDs before running commands, and keep app permissions as narrow as possible.

What this means

The script fails at load time until the dependency is installed, and with no manifest or lockfile users must choose the package source and version themselves, so the code that was reviewed may not be the code that runs.

Why it was flagged

The markdown conversion script depends on an external package, but the supplied artifacts include no install spec, package manifest, or lockfile explaining the dependency source or version.

Skill content
} = require('feishu-markdown');
Recommendation

Add a package manifest or install instructions with pinned dependency versions before relying on the script.

What this means

Content from selected local files can be uploaded into Feishu.

Why it was flagged

The script reads a user-selected local Markdown file and sends the parsed table data to the Feishu API. This is expected for the stated purpose, but it is still an outbound data flow to a third-party service.

Skill content
const md = fs.readFileSync(args.markdownFile, 'utf8'); ... await feishuFetch(`/bitable/v1/spreadsheets/${spreadsheetToken}/sheets/${sheetId}/records`,
Recommendation

Review files before passing them to the scripts, especially if they may contain private or regulated information.

Findings (3)

critical

suspicious.env_credential_access

Location
scripts/feishu-bitable.js:8
Finding
Environment variable access combined with network send.
critical

suspicious.env_credential_access

Location
scripts/feishu-board.js:12
Finding
Environment variable access combined with network send.
critical

suspicious.env_credential_access

Location
scripts/feishu-markdown-to-docx.js:13
Finding
Environment variable access combined with network send.