feishu-task-management-skill
Verdict: Warn. Audited by ClawScan on May 18, 2026.
Overview
The skill matches its Feishu task-management purpose, but it ships with real-looking Feishu credentials, a user token, and synced member data, which should be reviewed before use.
Review and remove the bundled Feishu credentials, user token, and member data before installing. Configure the skill with your own least-privilege Feishu app credentials, use a safe OAuth redirect URI, and only allow task writes or deletion after you understand which Feishu account and workspace the agent will affect.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding 1: Bundled Feishu app credentials and user token
Risk: Installing or running the skill could let the agent act against a real Feishu tenant or user account, including reading and changing tasks, without the user first supplying their own credentials.
Detail: The submitted package contains Feishu app credentials and a user OAuth-style token with task read/write scope. Even if the token is expired, the app secret still confers account-level authority, and the registry metadata declares no primary credential or required environment variables.
Evidence:
"app_id": "cli_a91f12ae11789bc0", "app_secret": "xQXr0i...", "user_access_token": "eyJhbGciOiJFUzI1Ni...", "user_scope": "auth:user.id:read task:task:read task:task:write"
Recommendation: Do not ship live app secrets or user tokens in the skill. Remove the secrets from toolkit/config/runtime.json, require users to configure their own credentials, and declare the credential requirements in metadata.
Finding 2: Unsafe default OAuth redirect URI
Risk: A user following the setup guide could send an OAuth authorization code through an unsafe redirect endpoint, risking leakage of the account authorization.
Detail: The OAuth guide builds authorization URLs using an external example.com redirect URI and instructs users to configure that redirect and paste the full callback URL back into the tool. This can expose OAuth authorization codes to a domain controlled by neither the user nor the skill publisher.
Evidence:
DEFAULT_REDIRECT_URI = "https://example.com/feishu/oauth/callback"
Recommendation: Use a user-controlled or localhost redirect URI, clearly document the OAuth callback boundary, and avoid defaults that point to third-party placeholder domains.
Finding 3: Synced member directory data shipped in the package
Risk: Names and internal Feishu identifiers of people from a real workspace may be exposed to anyone who receives or installs the skill.
Detail: The skill package includes a populated synced member table with names and Feishu identifiers. A local member cache is purpose-aligned, but publishing pre-synced organizational directory data is not necessary for a reusable skill and creates sensitive-data exposure.
Evidence:
"member_count": 4, "members": [{ "name": "严浩", "open_id": "ou_3ac4...", "user_id": "G5363" }]
Recommendation: Remove populated member caches from the distributed package, ship only an empty template, and let each user sync their own member directory locally with clear retention and deletion guidance.
Finding 4: Raw JSON payload escape hatch for task operations
Risk: If misused, the agent could send task API payloads containing fields outside the documented safe set.
Detail: Task create/update/member operations can accept raw JSON payloads, which bypass the safer dedicated payload builders. The references describe this as an escape hatch for API alignment, so it is disclosed, but it should be used only with explicit user intent.
Evidence:
payload = json.loads(raw_body) if raw_body else build_update_payload(...)
Recommendation: Keep routine operations on dedicated commands, require explicit user approval for raw-body use, and avoid using raw payloads for ordinary task changes.
