feishu-doc-sender

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill appears coherent and purpose-aligned, but users should carefully confirm which files and Feishu/Lark recipients are used because it is designed to share workspace documents externally.

Install only if you are comfortable letting the agent locate workspace Word/PDF files and help send them through Feishu/Lark. Before each send, verify the selected files, recipient or group, and the Feishu/Lark account being used.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the user approves the wrong file or recipient, documents from the workspace could be sent to an unintended person or group.

Why it was flagged

The skill is intended to send documents to Feishu/Lark private or group chats, including multiple files at once. This is purpose-aligned, but mis-selection of recipients or files could expose documents.

Skill content

One-click send to Feishu private or group chats ... Batch support: multiple files can be sent at once

Recommendation

Before approving a send, check the exact file list, destination chat or user, and whether batch sending is intended.

What this means

The agent may use whatever Feishu/Lark account or integration permissions are available in the environment.

Why it was flagged

The skill expects Feishu/Lark permissions and network access to send files, but the registry metadata declares no primary credential or required environment variables. This is expected for the integration, but users should know which Feishu account or tool authority will be used.

Skill content

Send failed → check Feishu permissions and network connection

Recommendation

Confirm the Feishu/Lark account, recipient permissions, and least-privilege access before using the skill for sensitive documents.

What this means

File names and metadata for workspace documents may be shown to the agent and used to choose files for sending.

Why it was flagged

The helper enumerates document files in the workspace and reports file metadata such as names, sizes, paths, and modification times. This is aligned with document selection, but it brings local file metadata into the agent workflow.

Skill content

return os.environ.get('OPENCLAW_WORKSPACE', '/root/.openclaw/workspace') ... workspace.glob(f'*{ext}')

Recommendation

Keep unrelated sensitive documents out of the workspace and verify the displayed file list before allowing any send action.