feishu-calendar-event
PassAudited by ClawScan on May 10, 2026.
Overview
This appears to be a disclosed Feishu calendar integration, but it requires Feishu app credentials and can read, create, update, or delete calendar events.
Install this only if you intend to let an agent access your Feishu calendar through an app credential. Use environment variables or a secret manager instead of hardcoding the App Secret, grant the minimum Feishu calendar permissions needed, and require explicit confirmation before any event creation, update, or deletion.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If granted, the skill can affect real Feishu calendar data, including enterprise calendars if the app has those permissions.
The skill requires Feishu app credentials and permissions that can read and mutate calendar data, including deleting events. This matches the stated calendar-management purpose but is high-impact account authority.
开通以下权限: ... calendar:calendar.event:create ... calendar:calendar.event:update ... calendar:calendar.event:delete ... 获取凭证 ... App ID ... App Secret
Grant only the Feishu permissions you actually need, keep the App Secret out of source files, and require user confirmation before creating, updating, or deleting events.
A mistaken or over-broad agent action could create, modify, or delete the wrong calendar event.
The skill documents raw Feishu API operations for calendar mutations. These are expected for a calendar management skill, but write/delete API calls can have user-visible effects if invoked on the wrong event.
创建日程 POST ... 更新日程 PATCH ... 删除日程 DELETE
Use explicit calendar IDs, event IDs, and date ranges, and ask the user to confirm any update or delete operation.
A user relying only on registry metadata might not realize the skill needs Feishu credentials and network access to the Feishu API.
The registry metadata does not reflect the Feishu credentials and web_fetch usage documented in SKILL.md/package.json. The credential use is disclosed in the files, but the registry-level contract is incomplete.
Required env vars: none ... Primary credential: none ... Capability signals: No capability tags were derived.
Review SKILL.md and package.json before installing, and update registry metadata to declare FEISHU_APP_ID, FEISHU_APP_SECRET, and Feishu API/web_fetch usage.