Podcast Automation
ReviewAudited by ClawScan on May 12, 2026.
Overview
The skill’s behavior matches its podcast automation purpose, but it can write transcripts to Feishu Wiki and control Sonos speakers, so users should run it with the intended credentials, files, and devices only.
This skill appears coherent and purpose-aligned. Before installing or using it, make sure you trust the unpinned external tools, use least-privilege Feishu app credentials, confirm the Wiki space ID, and review transcript contents before uploading them to Feishu.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the wrong Feishu app or space is used, the agent could create podcast transcript pages in an unintended business Wiki location.
Archiving requires Feishu app credentials and wiki permission, which can create or modify workspace content. This is expected for the stated Feishu Wiki archive feature, but it is still delegated account authority.
飞书自建应用 | Wiki 归档 | 需开通 `wiki:wiki` 权限,配置 `FEISHU_APP_ID` / `FEISHU_APP_SECRET`
Use a Feishu app with the minimum necessary Wiki access, confirm the target space ID, and avoid sharing broad tenant credentials with untrusted workflows.
Podcast transcripts selected for archiving will leave the local machine and be stored in Feishu Wiki.
The helper reads a user-specified transcript file and posts its contents to Feishu's document API. This provider data flow is disclosed and purpose-aligned, but transcripts may contain private audio-derived content.
TRANSCRIPT=$(cat "$TRANSCRIPT_FILE" ...) curl -s -X POST "https://open.feishu.cn/open-apis/docx/v1/documents/$OBJ_TOKEN/blocks/$OBJ_TOKEN/children"
Review transcript contents before archiving and ensure the Feishu Wiki space has the intended audience and retention policy.
The agent may start playback or change volume on a named Sonos speaker when asked to use this feature.
The skill exposes commands that control local Sonos speakers. This is central to the stated podcast playback purpose, but it can affect real devices on the local network.
sonos play --name "Kitchen" "https://example.com/episode.mp3" sonos volume set 20 --name "Kitchen"
Confirm the speaker name and volume before running playback commands, especially on shared networks.
Future installs may receive a different version of the Sonos CLI than the one originally reviewed.
The Sonos CLI is installed from a public Go module using @latest, so the installed code may change over time. This is a normal setup method for the declared Sonos feature, but it is unpinned.
go | module: github.com/steipete/sonoscli/cmd/sonos@latest | creates binaries: sonos
Pin dependency versions where possible, or install from a trusted, reviewed version before using the skill.