Feishu Screenshot
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill’s stated purpose matches its behavior, but it can capture the full screen and send it to Feishu without clear recipient, confirmation, or cleanup controls.
Install only if you are comfortable with the agent capturing your entire screen and sending it to Feishu. Before use, close or hide sensitive windows, confirm the exact Feishu destination, and delete temporary screenshot files afterward unless the skill is updated to do that automatically.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user who only asks for a screenshot could have their current screen posted to Feishu, potentially exposing private information.
The skill can be invoked for generic screenshot wording but then sends the screenshot to Feishu; the artifact does not require an explicit confirmation or recipient/channel selection before sending.
当用户说"截屏发给飞书"、"截图"、"屏幕截图"时使用这个技能。 ... "action": "send", "channel": "feishu"
Require explicit user confirmation before sending, show or describe the destination, and only send after the user confirms the specific Feishu recipient or channel.
The agent may post the screenshot using a connected Feishu identity in a destination the user has not reviewed.
The workflow uses a delegated Feishu send capability, but the artifacts do not define which account, chat, recipient, or permission scope will be used.
{
"action": "send",
"channel": "feishu",
"filePath": "/home/edy/.openclaw/workspace/截图.png"
}Declare the required Feishu authorization and make the destination explicit and user-confirmed before any file is sent.
The skill depends on local shell access and Windows/WSL paths, which may fail or behave unexpectedly on other systems.
The skill instructs the agent to run a local PowerShell command to capture the screen. This is purpose-aligned, but it is still local command execution and is not reflected in the metadata requirements.
/mnt/c/Windows/System32/WindowsPowerShell/v1.0/powershell.exe -Command "Add-Type -AssemblyName System.Windows.Forms; ... CopyFromScreen ..."
Declare Windows/WSL requirements and ensure users understand a local command will be run to capture the screen.
Sensitive screen contents may remain on disk or in the workspace after sending, where they could be reused, attached, or viewed later.
The screenshot is stored in fixed local and workspace paths, and cleanup is only optional/manual. Screenshots may contain sensitive information and could remain accessible after the task.
截屏会保存到 `C:\Users\edy\Pictures\screenshot.png` ... 发送完成后可以删除 workspace 里的临时文件
Use a temporary file location, delete the screenshot automatically after sending, and warn users before capturing screens that may contain private data.