v1.0.1

Feishu Writing Bundle

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 7:18 AM.

Analysis

The skill’s Feishu writing workflow is coherent, but it can read and modify Feishu content and recommends broad full-tool permissions, so users should review its access before installing.

GuidanceInstall this only if you want the agent to create and edit Feishu documents. Review the Feishu OAuth account, target workspace/folder, and any tools.profile changes first; avoid broad full-tool access unless necessary, and confirm destructive edits such as delete_range or overwrite.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityLowConfidenceHighStatusNote

references/skill-map.md

`delete_range` | 删除过时内容 ... `overwrite` | 全文清空重写（慎用，会清评论/图片关联）

The skill documents Feishu update modes that can delete or overwrite document content. This is aligned with an editing skill and it warns against casual overwrite, but users should notice the mutation authority.

User impactIf used on the wrong document or selection, the agent could change, delete, or overwrite collaborative document content.

RecommendationUse the skill only on documents the user explicitly wants edited, prefer append/replace_range, and require extra confirmation for delete_range or overwrite operations.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityMediumConfidenceMediumStatusConcern

references/quick-reference.md

feishu_create_doc 报权限错 | tools.profile 未开 full | 检查 openclaw.json：`tools.profile = "full"`

The artifact recommends enabling a broad full tool profile to resolve Feishu permission errors. That is not narrowly scoped to Feishu writing and is not reflected in the supplied registry requirements.

User impactEnabling a full tool profile may grant the agent more authority than a user expects from an instruction-only writing bundle.

RecommendationPrefer least-privilege Feishu/OAuth access, declare the required Feishu permissions clearly, and avoid enabling full tool access unless the user understands the broader authority.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication

SeverityLowConfidenceHighStatusNote

references/open-box-rules.md

- 文档建在了插件账号自己的空间
- 用户当前登录租户与文档所在租户不同
- 用户未完成 OAuth 授权

The skill explicitly relies on Feishu provider/OAuth account boundaries and distinguishes plugin account space from user tenant space. This is expected for Feishu integration, but it affects where documents and data are accessed or created.

User impactDocuments may be created under the wrong Feishu account, tenant, or space if the integration is not configured carefully.

RecommendationBefore use, verify the Feishu account, tenant, OAuth authorization, and target folder/wiki space; create documents in a user-accessible space.