v1.1.1

Feishu Docs API Skill (飞书文档API技能)

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 5:30 AM.

Analysis

The skill matches its Feishu Docs purpose, but it can use broad app credentials to read, replace, delete, and share business documents without built-in confirmation.

Guidance: Install only if you are comfortable granting this skill Feishu document read/write/delete/share authority. Use a least-privilege Feishu app, keep the app secret in environment variables or a secret manager, and require explicit human approval before delete, full-replace, or sharing actions.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
bin/cli.js
.command('delete') ... console.log('正在删除文档...'); await api.deleteDocument(options.documentId);

The CLI exposes direct document deletion by ID, and the shown action executes the delete call without an artifact-backed confirmation step.

User impact: A mistaken or autonomous invocation could delete a Feishu document the app can access.
Recommendation: Require explicit user confirmation for delete operations and restrict the Feishu app to only the folders/documents this skill should manage.
Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
src/api.js
const childBlockIds = allBlocks.items.slice(1).map(b => b.block_id); if (childBlockIds.length > 0) { await this.batchDeleteBlocks(documentId, childBlockIds); }

The full-replace workflow deletes existing document blocks before inserting new content, making update operations potentially destructive.

User impact: Using the wrong document ID or content could wipe an existing Feishu document's contents.
Recommendation: Add a preview/backup or confirmation step before full replacement, and prefer append or targeted updates unless the user explicitly requests a full overwrite.
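As an added example (not code from the skill under review, and not part of the ClawScan page), here is a guard layer in JavaScript that implements the recommendations of the two findings above. Destructive calls are refused unless the document is on a client-side allow-list and a confirmation callback approves a human-readable summary of what is about to happen, and a full replace snapshots the existing child blocks before deleting them so an overwrite run against the wrong document ID can be undone. The InMemoryFeishuApi class, its method names (listBlocks, batchDeleteBlocks, createBlocks, deleteDocument), and the sample workspace are constructed stand-ins for src/api.js and are assumptions; a real client is asynchronous and the guard would await each call.

```javascript
// Added example, not code from the skill under review. A guard layer that a CLI
// such as bin/cli.js could route its delete and full-replace commands through.
// InMemoryFeishuApi is a constructed stand-in for src/api.js; its method names are
// assumptions. It is synchronous so the demo runs offline; a real client is async.

class InMemoryFeishuApi {
  // docs: { documentId: [block, ...] }; item 0 is the document's root block,
  // matching the allBlocks.items.slice(1) pattern quoted in the finding above.
  constructor(docs) { this.docs = docs; }
  listBlocks(documentId) {
    const items = this.docs[documentId];
    if (!items) throw new Error(`document not found: ${documentId}`);
    return { items: items.map((b) => ({ ...b })) };
  }
  batchDeleteBlocks(documentId, blockIds) {
    const drop = new Set(blockIds);
    this.docs[documentId] = this.docs[documentId].filter((b) => !drop.has(b.block_id));
  }
  createBlocks(documentId, blocks) {
    this.docs[documentId].push(...blocks.map((b) => ({ ...b })));
  }
  deleteDocument(documentId) {
    if (!this.docs[documentId]) throw new Error(`document not found: ${documentId}`);
    delete this.docs[documentId];
  }
}

class DestructiveActionGuard {
  // allowedDocumentIds: client-side allow-list of documents this skill may mutate.
  // confirm: (summary) => boolean, e.g. an interactive prompt; an agent run with no
  // human in the loop should pass () => false so destructive calls are refused.
  constructor(api, { allowedDocumentIds, confirm }) {
    this.api = api;
    this.allowed = new Set(allowedDocumentIds);
    this.confirm = confirm;
    this.backups = []; // snapshots taken before each full replace
  }

  check(documentId, summary) {
    if (!this.allowed.has(documentId)) {
      return { ok: false, reason: `document ${documentId} is outside the managed allow-list` };
    }
    if (!this.confirm(summary)) return { ok: false, reason: 'not confirmed by user' };
    return { ok: true };
  }

  deleteDocument(documentId) {
    const verdict = this.check(documentId, `DELETE document ${documentId}`);
    if (!verdict.ok) return verdict;
    this.api.deleteDocument(documentId);
    return { ok: true, deleted: documentId };
  }

  // Full replace: snapshot the existing child blocks before deleting them, so a
  // replace run against the wrong document ID can be reverted with restoreLatest.
  replaceDocument(documentId, newBlocks) {
    const children = this.api.listBlocks(documentId).items.slice(1);
    const verdict = this.check(documentId,
      `REPLACE document ${documentId}: remove ${children.length} block(s), insert ${newBlocks.length}`);
    if (!verdict.ok) return verdict;
    this.backups.push({ documentId, blocks: children });
    if (children.length > 0) this.api.batchDeleteBlocks(documentId, children.map((b) => b.block_id));
    this.api.createBlocks(documentId, newBlocks);
    return { ok: true, removed: children.length, inserted: newBlocks.length };
  }

  // Undo the most recent full replace of a document from its snapshot.
  restoreLatest(documentId) {
    const idx = this.backups.map((b) => b.documentId).lastIndexOf(documentId);
    if (idx < 0) return { ok: false, reason: `no backup for ${documentId}` };
    const current = this.api.listBlocks(documentId).items.slice(1);
    if (current.length > 0) this.api.batchDeleteBlocks(documentId, current.map((b) => b.block_id));
    this.api.createBlocks(documentId, this.backups[idx].blocks);
    return { ok: true, restored: this.backups[idx].blocks.length };
  }
}

// Walks through a refused delete, a refused out-of-scope replace, a confirmed
// replace, its rollback, and finally a confirmed delete, on a constructed workspace
// in which only doc_managed is on the allow-list.
function demo() {
  const api = new InMemoryFeishuApi({
    doc_managed: [{ block_id: 'root1' }, { block_id: 'b1', text: 'old 1' }, { block_id: 'b2', text: 'old 2' }],
    doc_other: [{ block_id: 'root2' }, { block_id: 'c1', text: 'not ours' }],
  });
  // Stand-in for a prompt: this "user" approves replaces but not deletes.
  const cautious = new DestructiveActionGuard(api, {
    allowedDocumentIds: ['doc_managed'],
    confirm: (summary) => summary.startsWith('REPLACE'),
  });
  const refusedDelete = cautious.deleteDocument('doc_managed');
  const refusedScope = cautious.replaceDocument('doc_other', [{ block_id: 'n1', text: 'x' }]);
  const replaced = cautious.replaceDocument('doc_managed', [{ block_id: 'n1', text: 'new' }]);
  const afterReplace = api.docs.doc_managed.map((b) => b.block_id);
  const restored = cautious.restoreLatest('doc_managed');
  const afterRestore = api.docs.doc_managed.map((b) => b.block_id);
  const approving = new DestructiveActionGuard(api, { allowedDocumentIds: ['doc_managed'], confirm: () => true });
  const deleted = approving.deleteDocument('doc_managed');
  return { refusedDelete, refusedScope, replaced, afterReplace, restored, afterRestore, deleted,
    managedExists: 'doc_managed' in api.docs, otherBlocks: api.docs.doc_other.length };
}

console.log(JSON.stringify(demo(), null, 2));
```

In bin/cli.js the confirm callback would be an interactive prompt or an explicit opt-in flag supplied by the human operator; an autonomous agent run should pass a callback that returns false so delete and full-replace are refused rather than silently executed. The allow-list is defense in depth on the client and does not replace scoping the Feishu app itself to the folders it should manage.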
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
metadata
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill. Code file presence: bin/cli.js, src/api.js, test-convert.js

The registry provenance and install metadata are sparse even though executable JavaScript files are included; the provided artifacts do not show a malicious installer.

User impact: Users have less provenance information to verify where the executable code came from.
Recommendation: Review the included source and package files before installing, and prefer a verified repository or pinned release source if available.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
SETUP.md
Add the following permissions:
- `drive:drive:readonly` - read cloud documents
- `drive:drive:write` - write cloud documents
- `drive:file:readonly` - read files
- `drive:file:write` - write files

The requested Feishu app permissions allow broad document/file read and write operations, not just a single document or narrow task.

User impact: The skill can act with the Feishu app's granted authority, including reading and modifying accessible workspace documents.
Recommendation: Use a least-privilege Feishu app, limit access to intended folders where possible, rotate the app secret, and avoid granting broader Drive permissions than needed.