feishu-doc-write
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used with valid Feishu access, the agent could add or change content in the specified cloud document.
The skill documents authenticated API calls that insert blocks into a Feishu cloud document. That is aligned with the skill's purpose, but these calls can modify remote document content.
POST /open-apis/docx/v1/documents/{document_id}/blocks/{block_id}/children?document_revision_id=-1 ... "children": [ ...Block array... ], "index": 0
Use it only for intended Feishu documents, verify document IDs and insertion positions, and review generated content before allowing writes.
A token with broad Feishu permissions could let the agent write to more documents than the user intended.
The documented workflow requires a Feishu tenant access token. This is expected for the integration, but it is delegated account/workspace authority and should be scoped carefully.
Authorization: Bearer <tenant_access_token>
Use least-privilege Feishu app permissions, avoid sharing broad tenant tokens with unrelated tools, and rotate/revoke credentials if they may have been exposed.
