Feishu Docx Cli

Review

Audited by ClawScan on May 10, 2026.

Overview

This skill appears to match its Feishu document-management purpose, but it can use your Feishu app credentials to overwrite documents, upload selected files, and change collaborator permissions.

Install this only if you want the agent to manage Feishu documents through your configured Feishu app. Before running write, upload-image, or permissions commands, verify the document token, file path, image path, and member ID; use least-privileged Feishu scopes and keep backups for important documents.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If installed, the agent can use the configured Feishu app credentials to access and modify Feishu documents within that app's granted scopes.

Why it was flagged

The script reads Feishu App ID/App Secret from the local OpenClaw configuration and exchanges them for a tenant access token. This is expected for a Feishu CLI, but it gives the skill delegated authority as the configured Feishu app.

Skill content

config_path = os.path.expanduser("~/.openclaw/openclaw.json") ... app_id = config['channels']['feishu']['appId'] ... app_secret = config['channels']['feishu']['appSecret'] ... tenant_access_token/internal

Recommendation

Use a least-privileged Feishu app, enable only the scopes you need, and do not install this skill with credentials for an app that has broader access than intended.

What this means

A mistaken document token or unintended agent invocation could overwrite important Feishu document content.

Why it was flagged

The write command clears existing document blocks before inserting new content. This matches the documented overwrite behavior, but it is a destructive document mutation if used on the wrong document or with the wrong file.

Skill content

api('DELETE', f'/docx/v1/documents/{args.doc_token}/blocks/{args.doc_token}/children/batch_delete', token, json={'start_index': 0, 'end_index': child_count})

Recommendation

Confirm document tokens and input files before using write/overwrite commands, and keep backups or version history for important documents.

What this means

Users have less external context for who maintains the scripts or where to verify updates.

Why it was flagged

The registry metadata does not provide an upstream source or homepage. The included visible code is coherent and the static scan is clean, but provenance information is limited.

Skill content

Source: unknown; Homepage: none

Recommendation

Review the included scripts before use and prefer installing from a trusted, auditable source if available.