ClawHub
Back to skill
v0.1.0

Feishu Docx PowerWrite

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:20 AM.

Analysis

This appears to be a coherent Feishu document-writing helper, but it can modify or overwrite Feishu docs using the user's Feishu permissions.

GuidanceThis skill is reasonable to install if you trust the publisher and need Feishu Docx writing. Before use, configure only your own least-privilege Feishu credentials, verify the target document, prefer append mode, and use replace mode only when you intentionally want to overwrite the document.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
- **Replace**: overwrite the entire document (use carefully) ... - MUST set `confirm: true`

The skill can intentionally modify Feishu documents, including replacing an entire document. This matches the stated purpose and includes an explicit confirmation requirement, but users should notice the impact.

User impactIf the wrong document ID is used, or replace mode is confirmed accidentally, Feishu document content could be changed or overwritten.
RecommendationVerify the target document link or document_id before writing, prefer append mode, and use replace mode only with an explicit confirmation and a backup or version history available.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityLowConfidenceHighStatusNote
scripts/setup.sh
You must configure YOUR OWN Feishu app credentials... Your app has Docx/Drive scopes enabled

The skill relies on delegated Feishu credentials and document scopes. This is expected for Feishu document writing, and the artifacts instruct users not to copy others' tokens.

User impactThe agent's ability to edit documents depends on the Feishu app permissions and collaborator access granted by the user.
RecommendationUse a Feishu app with the minimum scopes needed, grant access only to intended documents, and avoid hardcoding or sharing tokens.