feishu-doc-write
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: feishu-doc-write Version: 1.0.0 The skill bundle is benign. The `SKILL.md` file provides a detailed specification for interacting with the Feishu (Lark) Document API, including authentication, content conversion, and block creation. All described network interactions are directed to `open.feishu.cn` and are explicitly for the stated purpose of writing content to Feishu documents. There is no evidence of prompt injection attempts, data exfiltration to unauthorized endpoints, malicious execution, persistence mechanisms, or obfuscation. The instructions are clear, focused on correct API usage, and do not suggest any intent beyond the skill's described functionality.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used with valid Feishu access, the agent could add or change content in the specified cloud document.
This documents authenticated API calls that insert blocks into a Feishu cloud document. That is aligned with the skill's purpose, but it can modify remote document content.
POST /open-apis/docx/v1/documents/{document_id}/blocks/{block_id}/children?document_revision_id=-1 ... "children": [ ...Block array... ], "index": 0Use it only for intended Feishu documents, verify document IDs and insertion positions, and review generated content before allowing writes.
A token with broad Feishu permissions could let the agent write to more documents than the user intended.
The documented workflow requires a Feishu tenant access token. This is expected for the integration, but it is delegated account/workspace authority and should be scoped carefully.
Authorization: Bearer <tenant_access_token>
Use least-privilege Feishu app permissions, avoid sharing broad tenant tokens with unrelated tools, and rotate/revoke credentials if they may have been exposed.