DashScope Web Search (Feishu)
Warn
Audited by ClawScan on May 18, 2026.
Overview
The skill’s web-search purpose is coherent, but its Feishu image pipeline handles bot credentials and external URLs in ways that could expose tokens or send unsafe content.
Review carefully before installing. If you use it, fix TLS verification first, secure or disable the Feishu token cache, restrict image URL fetching to safe HTTPS image sources, and make sure the Feishu app permissions and chat IDs are limited to the intended workspace and conversations.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
On an untrusted or compromised network, an attacker could impersonate Feishu, capture app secrets or access tokens, or tamper with uploaded/sent image operations.
The Feishu API requests use an SSL context that disables certificate and hostname verification, including the tenant-token request that carries Feishu app credentials.
```python
_ssl_ctx.check_hostname = False
_ssl_ctx.verify_mode = ssl.CERT_NONE
...
urllib.request.urlopen(req, timeout=10, context=_ssl_ctx)
```
Keep TLS certificate verification enabled for Feishu and other HTTPS requests; remove the custom `CERT_NONE` context and fail closed on certificate errors.
Another local user or process could potentially read or interfere with the cached bot token and use the Feishu app’s message/upload privileges.
The script persists a Feishu tenant access token in a shared temporary path without explicit restrictive file permissions, owner checks, or cleanup.
```python
TOKEN_CACHE_PATH = "/tmp/feishu_token.json"
...
json.dump({"token": token, "expire_at": time.time() + expire}, f)
```
Store tokens in a per-user secure cache or keychain with 0600 permissions and owner checks, or avoid persistent token caching unless necessary.
A malicious or manipulated search result could cause the agent to fetch unexpected URLs, internal resources, local-file-style URLs, or oversized content, then upload or send it through Feishu.
Markdown image URLs from stdin are automatically downloaded, uploaded to Feishu, and optionally sent to a chat, without scheme, host, content-type, count, or size validation.
```python
matches = list(MD_IMAGE_RE.finditer(text))
...
url = m.group(2)
...
if download_image(url, dest):
    ...
    image_key = upload_image_to_feishu(dest, token)
    ...
    send_image_message(token, chat_id, image_key, receive_id_type)
```
Allow only `https` image URLs, block localhost/private/file schemes, enforce size and content-type limits, cap the number of images, and consider user confirmation before sending.
The installed dependency version may change over time, which can affect behavior or supply-chain exposure.
The setup documentation asks the user to install an unpinned Python dependency. This is common and user-directed, but it reduces reproducibility and depends on the current package index state.
```shell
pip install openai
```
Pin dependency versions and, ideally, provide a reviewed requirements file or lockfile.
