lark-file-sender
PassAudited by ClawScan on May 1, 2026.
Overview
This skill is coherently designed to send user-selected files through Feishu/Lark, but users should verify file paths, recipients, and generated send commands before use.
This appears to be a straightforward Feishu/Lark file-sending skill. Install it only if you want the agent to send local files through your configured messaging channel, and make sure the agent confirms the file path, recipient or chat, and message before sending sensitive or multiple files.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or overbroad file selection could send private files to the wrong Feishu/Lark user or group.
The skill instructs the agent to use the message tool to send local files to specific Feishu/Lark users or chats. This is the core purpose, but it is a high-impact action if the file path or recipient is wrong.
message action=send target="user:ou_xxx" filePath="/path/to/file"
Before sending, confirm the exact file path, recipient or chat, and optional message text with the user, especially for batch sends or sensitive documents.
Unusual file names or message text could produce a malformed send command, increasing the chance of an incorrect or failed send.
The helper script formats a send command by interpolating the file path and message into a command string. It does not escape quotes or special characters, so users should inspect the generated command before relying on it.
cmd = f'message action=send filePath="{file_info["path"]}"' ... cmd += f' message="{message}"'Prefer structured tool parameters over copied command strings, or escape file paths and message text before formatting a command.
Files may be sent using the user's Feishu/Lark account or workspace permissions.
The skill depends on an existing Feishu/Lark channel, meaning sends may use the user's configured messaging permissions. This is expected for the integration and there is no evidence of credential collection or leakage.
- Feishu/Lark channel configured
Use the skill only with the intended Feishu/Lark workspace and verify that the configured channel has the expected recipients and permissions.