Official Feishu Toolkit
Review
Audited by ClawScan on May 10, 2026.
Overview
No clearly malicious behavior was found, but this Feishu toolkit can perform powerful workplace actions and should be installed with tightly scoped Feishu permissions.
Install only if you trust the package and need an agent to operate Feishu on your behalf. Use a dedicated Feishu app, grant the minimum required permissions, restrict contact/department scope, and require explicit confirmation before the agent sends messages, changes approvals, deletes calendar events, or edits business tables.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the Feishu app is over-permissioned, the agent could access or change more workplace data than the user intended.
The code uses Feishu app credentials to authenticate API calls. This is expected for the toolkit, but the app ID and secret are exchanged for an app-level (tenant) access token, so whoever holds them holds every permission the app has been granted, which can amount to broad tenant-level authority.
```python
import os

app_id = os.getenv("FEISHU_APP_ID", "")
app_secret = os.getenv("FEISHU_APP_SECRET", "")
```

Create a dedicated Feishu app for this skill, grant only the API permissions and department/contact scopes it needs, keep the secret in a protected environment file, and rotate it if it is exposed.
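As an added illustration of the "protected environment file" advice (this is example code, not the toolkit's or ClawScan's): a loader that creates the env file with mode 0600 from the start, refuses to read the secret from a file that group or other users can read, checks that both variables are present, and masks the secret for log lines. The file name, helper names and credential values are assumptions for the example.

```python
import os
import stat
import tempfile
from pathlib import Path

REQUIRED_KEYS = ("FEISHU_APP_ID", "FEISHU_APP_SECRET")


def parse_env_file(text: str) -> dict:
    """Parse KEY=VALUE lines; blank lines and '#' comments are ignored, surrounding quotes stripped."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        env[key.strip()] = value
    return env


def write_env_file(path, app_id: str, app_secret: str) -> Path:
    """Create the file with mode 0600 at creation time, so the secret is never briefly world-readable."""
    p = Path(path)
    fd = os.open(p, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(f"FEISHU_APP_ID={app_id}\nFEISHU_APP_SECRET={app_secret}\n")
    os.chmod(p, 0o600)  # the O_CREAT mode is subject to umask; enforce 0600 explicitly
    return p


def load_feishu_credentials(path) -> dict:
    """Refuse to load the secret from a file that group or other users can read."""
    p = Path(path)
    if os.name != "nt":  # POSIX mode bits only; Windows ACLs would need a different check
        mode = stat.S_IMODE(p.stat().st_mode)
        if mode & 0o077:
            raise PermissionError(f"{p} has mode {mode:o}; run chmod 600 on it")
    env = parse_env_file(p.read_text())
    missing = [k for k in REQUIRED_KEYS if not env.get(k)]
    if missing:
        raise ValueError(f"{p} is missing {', '.join(missing)}")
    return {k: env[k] for k in REQUIRED_KEYS}


def mask_secret(secret: str) -> str:
    """Keep only the last 4 characters for logging, so a leaked log is not a leaked secret."""
    if len(secret) <= 4:
        return "*" * len(secret)
    return "*" * (len(secret) - 4) + secret[-4:]


def demo() -> dict:
    """Round-trip with constructed, non-real credentials in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        env_path = write_env_file(Path(tmp) / "feishu.env", "cli_demo_app", "demo_secret_1234")
        creds = load_feishu_credentials(env_path)
        os.chmod(env_path, 0o644)  # simulate a careless chmod; loading must now fail
        try:
            load_feishu_credentials(env_path)
            rejected = False
        except PermissionError:
            rejected = True
    return {
        "app_id": creds["FEISHU_APP_ID"],
        "masked": mask_secret(creds["FEISHU_APP_SECRET"]),
        "rejected_after_chmod": rejected,
    }


if __name__ == "__main__":
    print(demo())
```

The mode check is deliberately on the file the secret is read from, not on the directory, because that is the file a stray `cat` or backup job will pick up; pair it with a separate Feishu app so that a leaked secret is a one-app rotation rather than a tenant-wide one.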
An incorrect agent action could send the wrong message, approve or reject the wrong workflow, or modify business records.
The advertised capabilities include sending workplace messages and mutating approval and table data. These are central to the stated purpose, but mistakes can have real business impact.
| Module | Capabilities | Example request |
| --- | --- | --- |
| 💬 Messages | Send and reply to text, rich-text, and card messages | "Send the release notice to the product team group" |
| ✅ Approvals | Create, query, approve, reject, and transfer approvals | "Start a business-trip approval for me" |
| 📊 Bitable (多维表格) | Create tables; create, read, update, and delete records | "Add a task to the project tracking table" |
Before enabling sensitive modules, instruct the agent to show the target, content, and action plan and wait for explicit approval before sending, approving, deleting, or updating records.
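Added example, not part of the toolkit or of the review, of the confirmation step described above: a gate that renders the target, content and action for any sensitive operation, proceeds only on a literal "yes", and records every decision in an audit list. The action names, the fake API handlers, and the chat and approval identifiers are hypothetical stand-ins; the real Feishu calls would replace the `fake_*` handlers.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List

# Hypothetical action labels for the capabilities listed in the review;
# the toolkit's real operation names are not given there.
SENSITIVE_ACTIONS = {
    "message.send", "message.reply",
    "approval.create", "approval.approve", "approval.reject", "approval.transfer",
    "calendar.event.delete",
    "bitable.record.create", "bitable.record.update", "bitable.record.delete",
}


@dataclass
class ActionPlan:
    action: str   # what the agent wants to do, e.g. "message.send"
    target: str   # chat id, approval instance, table id, event id
    content: str  # message text, decision comment, record fields


def render_plan(plan: ActionPlan) -> str:
    """The exact text shown to the user before a sensitive action is attempted."""
    return (
        f"ACTION:  {plan.action}\n"
        f"TARGET:  {plan.target}\n"
        f"CONTENT: {plan.content}\n"
        "Reply exactly 'yes' to proceed; anything else cancels."
    )


def is_explicit_yes(reply: str) -> bool:
    """Only a literal 'yes' counts; 'y', 'ok', 'sure' and silence are treated as refusal."""
    return reply.strip().lower() == "yes"


@dataclass
class ConfirmationGate:
    ask_user: Callable[[str], str]               # shows the summary, returns the user's reply
    audit_log: List[Dict] = field(default_factory=list)

    def run(self, plan: ActionPlan, handler: Callable[[ActionPlan], Dict]) -> Dict:
        entry = {"action": plan.action, "target": plan.target, "approved": True, "reply": None}
        if plan.action in SENSITIVE_ACTIONS:
            reply = self.ask_user(render_plan(plan))
            entry["reply"] = reply
            entry["approved"] = is_explicit_yes(reply)
        self.audit_log.append(entry)  # read-only actions are logged too, just never prompted
        if not entry["approved"]:
            return {"status": "aborted", "reason": "no explicit confirmation"}
        return {"status": "done", "result": handler(plan)}


def fake_send_message(plan: ActionPlan) -> Dict:
    """Stand-in for the real Feishu message call; returns a constructed response."""
    return {"chat_id": plan.target, "text": plan.content}


def fake_query_approval(plan: ActionPlan) -> Dict:
    """Stand-in for a read-only approval lookup."""
    return {"instance": plan.target, "status": "PENDING"}


def never_ask(summary: str) -> str:
    raise AssertionError("a read-only action must not prompt")


def demo() -> List[Dict]:
    results = []
    plan = ActionPlan("message.send", "oc_product_team", "v2.3 is released")
    # 1) ambiguous 'y' -> the send is aborted
    results.append(ConfirmationGate(ask_user=lambda s: "y").run(plan, fake_send_message))
    # 2) literal 'yes' -> the same send proceeds
    results.append(ConfirmationGate(ask_user=lambda s: "yes").run(plan, fake_send_message))
    # 3) read-only query -> no prompt at all
    results.append(ConfirmationGate(ask_user=never_ask).run(
        ActionPlan("approval.query", "inst_42", ""), fake_query_approval))
    return results


if __name__ == "__main__":
    for r in demo():
        print(r)
```

Keeping the sensitive set as an explicit allowlist of mutating actions, rather than prompting on everything, is what keeps users from rubber-stamping prompts; the literal-"yes" rule is what stops an agent from treating its own "ok" as consent.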
Running a remote shell installer from an unverified source can change the local environment in ways the user has not inspected.
The documentation includes a user-directed remote shell installer. That is not malicious by itself, but the pipe executes whatever the remote server returns at install time, with nothing inspected locally first.

```sh
curl -sL "https://backend.clawd.org.cn/api/skills/official%2Ffeishu-toolkit/install.sh" | sh
```

Prefer the standard `claw skill install` flow when possible; otherwise download the script to a file, read it, and only then run it, rather than piping it straight to `sh`.
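Added example (not the installer's or the review's code) of the inspect-before-running advice: stage the script on disk, record its SHA-256 once you have read it, and on later runs execute it only if the digest still matches what you reviewed. The URL is the one quoted above; the network `fetch` is not used by the offline demo, whose script bytes are constructed, and the pinned digest is whatever you record yourself, not a value published by the project.

```python
import hashlib
import subprocess
import tempfile
from pathlib import Path
from types import SimpleNamespace

# URL quoted in the review. No digest for it is published here; you pin the one you reviewed.
INSTALLER_URL = "https://backend.clawd.org.cn/api/skills/official%2Ffeishu-toolkit/install.sh"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def fetch(url: str, timeout: int = 30) -> bytes:
    """Plain download; kept separate so callers can pass bytes from elsewhere (or a test fixture)."""
    import urllib.request
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read()


def stage(script: bytes, dest_dir) -> Path:
    """Write the script to disk first so a human can read it before anything executes it."""
    path = Path(dest_dir) / "install.sh"
    path.write_bytes(script)
    path.chmod(0o700)
    return path


def install_pinned(script: bytes, pinned_sha256, dest_dir, runner=subprocess.run) -> dict:
    """Stage always; run only when the digest equals the reviewed one."""
    digest = sha256_hex(script)
    path = stage(script, dest_dir)
    if pinned_sha256 is None:
        # First contact: report the digest, do not run. The user reads install.sh, then pins it.
        return {"status": "staged", "path": str(path), "sha256": digest}
    if digest != pinned_sha256:
        # The server returned something other than what was reviewed: refuse.
        return {"status": "refused", "sha256": digest, "expected": pinned_sha256}
    proc = runner(["sh", str(path)], capture_output=True, text=True, check=False)
    return {"status": "ran", "returncode": proc.returncode, "sha256": digest}


def demo() -> list:
    """Offline walk-through with constructed scripts and a stub runner (no sh is spawned)."""
    reviewed = b"#!/bin/sh\necho 'installing feishu-toolkit'\n"      # constructed
    changed = b"#!/bin/sh\necho 'a different script this time'\n"   # constructed
    stub = lambda cmd, **kw: SimpleNamespace(returncode=0, args=cmd)
    with tempfile.TemporaryDirectory() as tmp:
        first = install_pinned(reviewed, None, tmp, runner=stub)
        pinned = first["sha256"]
        again = install_pinned(reviewed, pinned, tmp, runner=stub)
        drift = install_pinned(changed, pinned, tmp, runner=stub)
    return [first["status"], again["status"], drift["status"]]


if __name__ == "__main__":
    # Real use: install_pinned(fetch(INSTALLER_URL), None, ".") on first run, then pin the digest.
    print(demo())
```

The pin only protects against the script changing between your review and your run; it does not make the reviewed script safe, which is why the first invocation stages and stops instead of executing.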
