Skill v0.1.0
ClawScan security
nanobot-feishu-send · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 10, 2026, 3:32 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is internally consistent: it only documents how to use nanobot's message tool to send local files to Feishu and does not request extra credentials, installs, or unrelated access.
- Guidance: This skill simply tells the agent to send local files via your existing nanobot/Feishu setup. Before installing or using it: (1) confirm you trust the environment where nanobot runs (the skill can send any local file you point it to); (2) avoid giving paths to sensitive files; (3) be aware that if you provide a URL the agent may download it to disk before sending; and (4) ensure your ~/.nanobot/config.json and nanobot gateway are correctly configured. If you need stricter controls, limit who can invoke the skill or run nanobot in an isolated environment.
Review Dimensions
- Purpose & Capability (ok): Name/description (send local attachments to Feishu via nanobot) matches the instructions and prerequisites (~/.nanobot/config.json enabled, nanobot gateway running). No unrelated credentials, binaries, or config paths are requested.
- Instruction Scope (note): SKILL.md confines actions to putting local file paths into the 'media' field and using the nanobot 'message' tool. It also allows downloading a user-provided URL to the local machine before sending — this implies the agent will fetch external URLs and write files locally when asked, which is appropriate for the feature but worth noting as an operational capability.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files. Nothing is written to disk by an installer as part of the skill itself.
- Credentials (ok): The skill declares no required environment variables, binaries, or credentials. The single external dependency is that the user's nanobot instance and Feishu channel are already configured — this is proportional to the described function.
- Persistence & Privilege (ok): 'always' is false and the skill is user-invocable. The default ability for the agent to invoke the skill autonomously is the platform norm and not excessive here; the skill does not request persistent system-level privileges.
