Skill v1.0.0

ClawScan security

feishu-routing · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 9, 2026, 2:37 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's instructions, requirements, and scope match its stated purpose of routing Feishu group messages to internal agents and relaying replies; nothing requested or installed is disproportionate.
Guidance
This skill is internally consistent and only contains runtime instructions for routing messages between Feishu groups and internal agents. Before installing, confirm: (1) your runtime actually provides sessions_spawn and a way to post back into Feishu (the SKILL.md assumes those capabilities), (2) the agent IDs (taizi, zhongshu, menxia, shangshu) exist and are trusted to receive potentially sensitive group messages, and (3) you are comfortable with message contents being forwarded to other agents (privacy/role separation). If you need the skill to actually post messages to Feishu, be prepared to supply appropriate Feishu credentials in your deployment configuration (the skill itself does not request them).

Review Dimensions

Purpose & Capability
ok: Name and description claim Feishu group-chat routing; SKILL.md only references Feishu chat IDs and calls to sessions_spawn to invoke specific agents. There are no unrelated credentials, binaries, or install steps requested, so the requested capabilities align with the stated purpose.
Instruction Scope
note: Instructions are narrowly scoped to: check chat_id, map to an agent, call sessions_spawn with a task, then forward the child agent's reply back to the originating group. This is consistent, though it assumes the runtime environment provides a sessions_spawn API and a mechanism to post back to Feishu. The doc explicitly avoids calling sessions_send (permission issue). There are no instructions to read unrelated files or environment variables.
Install Mechanism
ok: No install spec and no code files (instruction-only), which minimizes disk/execute risk. Nothing is downloaded or written to disk.
Credentials
ok: The skill declares no environment variables or credentials and its instructions do not attempt to access additional secrets. That matches the simple routing role described. Note: actual Feishu posting in a real deployment would require appropriate platform credentials, but those are not requested here.
Persistence & Privilege
ok: always is false and the skill is user-invocable. The skill does instruct the agent to spawn child agents (sessions_spawn), which is expected for a router and is not in itself an elevated system privilege.