Feishu Group Ops
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The assistant could operate against the wrong Feishu app or tenant, or use broad app privileges without the user realizing which account is active.
The skill automatically reads Feishu app secrets, including selecting any configured OpenClaw Feishu account, to obtain tenant access. This is high-impact account authority and is not clearly surfaced in the registry credential requirements.
Credentials are resolved automatically in this order:
1. Environment variables `FEISHU_APP_ID` / `FEISHU_APP_SECRET`
2. `~/.openclaw/openclaw.json` → `channels.feishu.accounts.<any>.appId / appSecret`
Declare the Feishu credential requirement, require or confirm the exact Feishu account/tenant before first use, and show the app or tenant being used before any read or write action.
If confirmed, the assistant can change workplace chat membership, post messages, rename chats, or create new chats.
The skill exposes high-impact Feishu write actions, but the instructions do require user confirmation before executing them.
Add member to group | `add_member`; Remove member | `remove_member`; Send message | `send_message`; Rename group | `rename_chat`; Create group | `create_chat` ... Step 3 — Confirm before any write ... Wait for confirmation before executing.
Keep the confirmation step, verify the exact group, user, and message before approving, and use Feishu app permissions scoped only to the intended workspace.
A mistaken or ambiguous caller identity could misattribute charges or payment prompts to the wrong Feishu user.
Billing identity can be inferred by the agent from context or search results, and the artifacts do not show a strong check that this open_id is the authenticated requester before billing is attempted.
`--user_id` is the caller's Feishu `open_id` — used for billing. Retrieve it from conversation context or from `find_user` results.
Derive billing identity only from authenticated channel metadata, never from name search, and display the bill-to identity and price in the confirmation for every paid write action.
It is harder to verify who maintains the code, whether updates are trustworthy, or whether the billing and credential handling are legitimate.
The skill has a provenance gap and placeholder homepage despite handling Feishu app secrets, workspace mutations, and billing calls.
Source: unknown; Homepage: https://github.com/your-github/feishu-group-ops
Install only from a verified repository or publisher, and review the script source before granting Feishu app credentials.
A Feishu user identifier and billing details are shared with SkillPay whenever a paid write is attempted.
For paid write operations, the script sends the Feishu open_id billing identifier, skill ID, and amount to an external SkillPay service. This is disclosed as billing behavior, but it is still a third-party data flow users should notice.
SKILLPAY_BASE = "https://skillpay.me" ... body={"user_id": user_id, "skill_id": SKILLPAY_SKILL_ID, "amount": PRICE_PER_WRITE}
Review SkillPay's privacy and billing terms, and avoid using the skill if sharing Feishu user IDs with that service is not acceptable.
