📄 Feishu Doc Manager | 飞书文档管理器

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill’s purpose is plausible, but it asks users to install unreviewed external code and grants Feishu document and permission-changing authority without clear safeguards.

Before installing, inspect the GitHub repository you are asked to clone, pin a trusted version, and grant only limited Feishu permissions. Treat document deletion, overwrites, and collaborator permission changes as high-impact actions that should require explicit confirmation.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Users would be trusting code that was not included in this review, and that code could change after publication unless pinned to a specific commit.

Why it was flagged

The reviewed artifact set contains only SKILL.md and no install spec or code files, but the setup directs users to install an external repository into the active skills directory.

Skill content

cd ~/.openclaw/workspace/skills
git clone https://github.com/Shuai-DaiDai/feishu-doc-manager.git

Recommendation

Review the GitHub repository before installation, pin to a trusted commit or release, and prefer a package whose runnable files are included in the reviewed artifact set.

What this means

If granted, the skill or installed external code may be able to modify Feishu documents and manage who can access them.

Why it was flagged

These Feishu scopes include document access/write authority and collaborator permission management, but the artifacts do not define scoping limits, credential handling, or approval requirements.

Skill content

- `docx:document`
- `docx:document:write_only`
- `docs:permission.member`

Recommendation

Use the least-privileged Feishu app possible, restrict it to intended documents or workspaces, and require explicit confirmation before permission changes.

What this means

A mistaken or overbroad agent action could delete content, overwrite documents, or give the wrong collaborator elevated access.

Why it was flagged

The advertised operations can alter documents and access controls, but the instructions do not describe guardrails such as document allowlists, dry-run review, confirmation, or rollback.

Skill content

- Add/remove collaborators
- Update permission levels (view/edit/full_access)
...
- Update/delete specific blocks

Recommendation

Only invoke these operations on clearly specified documents, require user confirmation for delete/overwrite/permission changes, and keep backups or version history enabled.