飞书任务智能体
ReviewAudited by ClawScan on May 10, 2026.
Overview
This Feishu task skill is purpose-related, but it can create and update Feishu tasks, add persistent scheduled jobs with hidden routing text, and summarize local daily notes into a Feishu profile, so it should be reviewed before use.
Install only if you want an agent that can manage Feishu tasks and scheduled task execution. Before enabling it, confirm the active Feishu account, review any cronjobs it creates, avoid hidden scheduled prompts, and check `daily.json` before it is uploaded to the Feishu task-agent profile.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A normal request like drafting an email or summary may be turned into a Feishu task workflow, changing the user’s workspace rather than just returning an answer.
This tells the agent to redirect deliverable-generation requests into the task workflow instead of directly answering, even when the user did not explicitly ask to create a Feishu task.
生成内容类请求如果构成可交付结果,默认先进入任务化判断,不要直接按普通聊天回复。
Require explicit user confirmation before converting non-task requests into Feishu task creation or execution.
The skill can create or modify Feishu task data, upload generated files, and mark work complete, which may affect teammates or business records.
The workflow instructs the agent to create tasks and write comments, attachments, status fields, and delivery links in Feishu. Those mutations are high-impact and are not consistently gated on an explicit user approval step.
调用 `feishu_task_task.create` 创建任务 ... 若当前轮已产出交付物 ... `feishu_task_attachment.upload` ... `feishu_task_task.patch` ... `text_deliveries`
Before any Feishu write, show the planned task/action, assignee, schedule, attachments, and delivery fields, then ask the user to approve.
The agent may continue running scheduled Feishu task actions later, and part of the scheduled instruction is intentionally hidden from the user.
Recurring tasks create persistent scheduled execution and require hidden routing instructions to be stored in the cron message.
用 `openclaw cron add` 创建 `cronjob` ... 必须创建 cronjob,不能跳过这个步骤 ... 一定要将[不对用户展示:飞书任务 guid: ... 处理流程:请使用技能 feishu-task-agent...]加入message里
Display the full cron payload to the user, avoid hidden instructions, require approval before adding the cronjob, and provide clear disable/delete instructions.
Installed with an active Feishu/OpenClaw configuration, the skill can act through that configured account or app identity.
The skill uses local Feishu account configuration and can act with tenant/app or user identity. This is expected for task creation, but it is privileged access.
`app_id` ... 从 OpenClaw 配置解析当前 Feishu account 的 `appId` ... `auth_type` - `app -> tenant` - `user -> user`
Use a least-privileged Feishu app/account, confirm which account is active, and review task actions before allowing tenant-scope writes.
Information from local daily notes may be saved into the agent’s Feishu profile and reused later.
The workflow turns local daily notes into a persistent profile stored in Feishu. This is purpose-aligned, but it persists summarized local context for future use.
找到最新日报 Markdown,提炼成稳定的 `daily.json` ... 调用工具 `feishu_task_agent`,执行 Action 为 `update_profile`,将生成的 `daily.json` ... 写入飞书任务的智能体主页
Review the selected daily note and generated `daily.json` before profile upload, and keep sensitive notes outside the scanned application root.