v0.1.3

Feishu Chat Server API

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 8:35 AM.

Analysis

The skill matches its Feishu chat-management purpose, but it can use Feishu app secrets to add/remove members or disband chats and runs an unpinned GitHub package to do so.

Guidance: Review the remote GitHub package before use, pin it to a trusted version, and only provide a least-privileged Feishu app credential. For removing members or disbanding chats, require explicit human confirmation and double-check the target chat and user IDs.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
SKILL.md
- `feishu-chat-member-remove`
- `feishu-chat-disband`

These documented actions can remove people from Feishu chats or disband entire chats, and the artifact does not specify an explicit confirmation step or rollback/containment before performing them.

User impact: A mistaken or overly autonomous invocation could disrupt business conversations or remove members from important Feishu groups.
Recommendation: Require explicit user confirmation for add/remove/disband operations, verify chat_id and member IDs before execution, and use the least-privileged Feishu app permissions possible.
Agentic Supply Chain Vulnerabilities
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
uvx --from git+https://github.com/wodenwang/feishu-extension-skills.git feishu-extension-skills invoke <action> --args-json '<json>'

The runtime command pulls and executes a package directly from a GitHub repository without a pinned commit or release, while no code files are included in the reviewed artifact.

User impact: Changes to the remote repository could change what code runs with the user's Feishu credentials and chat-management authority.
Recommendation: Pin the GitHub dependency to a reviewed commit or release, publish the implementation with the skill artifacts, and review the source before providing Feishu credentials.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
The credential priority is as follows:
1. `app_id` / `app_secret` passed explicitly in the action
2. `.local/feishu-extension-skills.json` in the current working directory
3. Environment variables `FEISHU_APP_ID` / `FEISHU_APP_SECRET`

The skill uses Feishu app credentials from command arguments, a local file, or environment variables for server API authority, even though the registry metadata lists no required credentials or env vars.

User impact: Installing or using the skill may give the invoked tool Feishu app-level authority to manage chats in the configured tenant.
Recommendation: Declare the credential requirements clearly, avoid passing app secrets directly in command examples where possible, store secrets securely, and limit the Feishu app to only the chat permissions needed.