Skill v1.0.0

ClawScan security

feishu-wiki · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 12, 2026, 11:26 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's instructions clearly target the Feishu Wiki API and are generally coherent, but the metadata omits any declared credential or environment variable even though the runtime doc requires a tenant_access_token — this mismatch warrants caution.
Guidance
This skill looks like a straightforward Feishu Wiki API tutorial/helper, but the documentation expects you to supply a tenant_access_token while the skill metadata doesn’t declare any credential. Before installing: (1) confirm how your agent will obtain and store the Feishu token (do not reuse broad tenant/org-level secrets unless necessary); (2) prefer short-lived, least-privilege app tokens and verify that the required scopes (wiki:wiki, wiki:node:create) are acceptable; (3) verify whether the agent will prompt you for tokens or will automatically use existing credentials — avoid giving it an org-wide tenant token without review; (4) if you enable autonomous invocation, consider limiting the skill to interactive-only use until you have verified its behavior in a test environment; and (5) if possible, ask the skill publisher to declare an env var (e.g., FEISHU_TENANT_TOKEN) or to add clear instructions on how credentials are provided, so you can audit and scope them.

Review Dimensions

Purpose & Capability
note: The name/description and SKILL.md align: the skill is a Feishu Wiki helper that creates spaces and nodes via the Feishu Wiki v2 API. Required API endpoints and scopes in the docs match the stated purpose. However, the skill metadata declares no credentials or environment variables while the runtime instructions require an Authorization: Bearer {tenant_access_token} header — a practical gap between claimed capability and declared requirements.
Instruction Scope
ok: SKILL.md stays on-topic: it documents API endpoints, required fields (obj_type, node_token, obj_token), error/permission quirks, and operational best practices (group-admin workaround). It does not instruct reading unrelated system files or sending data to third-party endpoints. One small note: the document includes a repo-style save note ('已保存至 opensource/.../SUMMARY.md', i.e. 'saved to opensource/.../SUMMARY.md') which references a path but is presented as documentation, not as an explicit runtime file operation.
Install Mechanism
ok: This is an instruction-only skill with no install spec and no code files, so there is no install-time code to fetch or execute. That reduces installation risk.
Credentials
concern: High concern: the SKILL.md explicitly requires a tenant_access_token in the Authorization header, yet the skill metadata lists no required env vars or primary credential. The skill requests Feishu wiki permissions in the document header (wiki:wiki, wiki:node:create) but provides no mechanism for supplying or scoping those credentials. This can lead to ambiguous behavior (the agent may prompt for tokens, use other available tokens, or fail). Confirming exactly which credential(s) the agent will use is necessary before installing.
Persistence & Privilege
ok: The skill is not marked always:true and does not request persistent system changes. It does not modify other skills or system-wide configs. Autonomous invocation is allowed (platform default) but is not by itself a new risk here.