Feishu AI Daily Work Report

Suspicious

Audited by ClawScan on May 10, 2026.

Overview

The daily-report purpose is clear, but the skill broadly reads agent session chats and sends extracted user messages to Feishu automatically without clear limits or approval controls.

Install only if you are comfortable with this skill reading OpenClaw agent session histories and sending a summarized report to Feishu. Before use, define exactly which agents and messages may be included, where the Feishu message goes, and require a preview/confirmation step before sending.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Private chat/session content from multiple agents could be included in a generated work report.

Why it was flagged

The skill directs the agent to read persistent session logs for every agent and extract user DM text, which may include private or non-report-related conversation content.

Skill content

For each agent: find the .jsonl files modified today under the /root/.openclaw/agents/{agent_id}/sessions/ directory...extract the lines in message.content[0].text that contain "DM from ou_"

Recommendation

Limit collection to explicit agent IDs and work-report fields, exclude sensitive/private sessions, redact user identifiers, and require user review before reuse.

What this means

Extracted session messages could be shared to the wrong Feishu chat or a broader audience than intended.

Why it was flagged

The skill sends the report to Feishu, but the artifacts do not specify the Feishu recipient/channel, data boundary, or confirmation step before transmitting extracted session content.

Skill content

### 4. Send to Feishu

Use the `message` tool to send to Feishu

Recommendation

Declare the exact destination, require confirmation before sending, and add redaction or preview controls for sensitive content.

What this means

The agent may automatically gather, write, and publish information from local session history without a chance to correct or block the content.

Why it was flagged

The workflow chains broad local file reading, report file writing, and external messaging without documenting approval or scoping controls for the high-impact actions.

Skill content

Read the session jsonl files directly...save to `/root/.openclaw/workspace/daily-report-YYYY-MM-DD.md`...use the `message` tool to send to Feishu

Recommendation

Add an explicit preview-and-confirm step, narrow the file paths and agent list, and make external sending optional.

What this means

A Feishu message may be sent under an account or bot identity that users did not expect.

Why it was flagged

Posting to Feishu implies use of delegated messaging authority. This is purpose-aligned, but users should know which account and permissions are used.

Skill content

Use the `message` tool to send to Feishu

Recommendation

Document the Feishu identity, permissions, and target chat/channel used by the message tool.

Note (Medium Confidence)

ASI10: Rogue Agents

What this means

The report may run and send on a schedule even when users have not reviewed that day's content.

Why it was flagged

The skill describes recurring scheduled invocation. That is consistent with a daily report, but the artifacts do not show scheduler controls or an approval step.

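Skill content

Trigger scenarios: the user says "生成日报" (generate daily report), "整理日报" (organize daily report), "工作日报" (work daily report), etc.; invoked by a scheduled task (daily at 18:00).

Recommendation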

Provide clear enable/disable controls for the schedule and require review before automatic sending.