Skill v1.0.0
ClawScan security
Feishu Wiki Writer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 7, 2026, 2:20 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: Instruction-only guide for writing large Feishu Wiki documents; internally consistent with its purpose, but it omits explicit dependency/authentication details you should verify before using.
- Guidance: This is an instruction-only best-practice guide for writing large Feishu Wiki documents and appears coherent. Before installing/using it, confirm: (1) your agent or environment actually has the Feishu CLI/API tools the instructions reference (feishu_wiki, feishu_doc); (2) which Feishu credentials the agent will use: provide a scoped, least-privilege token and verify it has only the needed write/read permissions; (3) test the workflow on a staging space to avoid accidental production writes (the guide deliberately recommends full replace writes, which can overwrite content); and (4) ensure you have backups or version history available in case of accidental replacement. If you cannot verify where authentication comes from, treat the missing dependency/credential declaration as a blocker until clarified.
Review Dimensions
- Purpose & Capability (note): The skill's name/description match the instructions (it focuses on creating and writing large Feishu Wiki documents and avoiding ordering conflicts). However, the SKILL.md expects feishu_wiki/feishu_doc operations to be available but the skill declares no required binaries or credentials; this is plausible for an instruction-only skill that relies on the agent or platform to already have Feishu integration, but it is a missing dependency declaration that users should verify.
- Instruction Scope (ok): The instructions stay on-topic: they describe how to assemble content locally, create a wiki node, write the entire document in one call, and read back to verify. They do not ask the agent to read unrelated files, harvest environment variables, or send data to unexpected endpoints.
- Install Mechanism (ok): No install spec and no code files (instruction-only), so minimal disk/write risk. This is the lowest-risk install model.
- Credentials (note): The skill declares no required environment variables or credentials even though it instructs API/CLI operations against Feishu (feishu_wiki/feishu_doc). That omission could be benign (the platform supplies Feishu credentials), but you should confirm what credentials the agent will use and ensure least-privilege tokens are available and expected.
- Persistence & Privilege (ok): always is false and the skill is user-invocable. It does not request persistent presence or special system-wide configuration changes.
