Feishu Sheets
ReviewAudited by ClawScan on May 10, 2026.
Overview
This appears to be a straightforward Feishu Sheets integration, but it can modify or delete spreadsheet data and relies on Feishu app credentials that should be scoped carefully.
Install only if you intend to let the agent operate on Feishu Sheets. Configure a least-privileged Feishu app, avoid broad tenant-wide access when possible, and carefully review any write, append, row/column deletion, or worksheet deletion request before allowing it to run.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken token, sheet ID, or range could alter or delete data in a Feishu spreadsheet.
The skill can make high-impact changes to Feishu Sheets, including deleting rows, columns, and worksheets. This is disclosed and aligned with the stated purpose, but users should verify targets before invoking destructive operations.
Supports: create spreadsheet, write/read cell values, append rows, insert/delete rows/columns, manage worksheets.
Use precise ranges and sheet IDs, review delete/write requests before execution, and keep backups for important spreadsheets.
The Feishu app credentials determine which cloud spreadsheets the tool can read or modify.
The script uses Feishu app credentials to obtain a tenant access token, while the registry metadata declares no required env vars or primary credential. The credential use is expected for Feishu API access, but it should be clearly declared and scoped.
self.app_id = os.getenv("FEISHU_APP_ID")
self.app_secret = os.getenv("FEISHU_APP_SECRET")Declare FEISHU_APP_ID and FEISHU_APP_SECRET as required credentials, and use a least-privileged Feishu app with only the scopes and document access needed.