Skill v1.0.4

ClawScan security

飞书会议总结 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 13, 2026, 7:33 AM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
Instructions, requirements, and actions are coherent: the skill reads and writes Feishu meeting documents via a Feishu plugin and organizes summaries into a knowledge/wiki structure; it does not request unrelated credentials or install arbitrary code.
Guidance
This skill is internally consistent: it reads Feishu meeting text and writes structured summaries back into your Feishu wiki. Before enabling it, confirm you have (or are willing to install) the official Feishu plugin the skill requires, and check what Feishu permissions that plugin will have (read access to meeting documents and write/create/overwrite access to the wiki space). Because the skill will create and overwrite documents and persist meeting contents into a knowledge folder, consider privacy and access controls for sensitive meetings and whether you want automated writes into your team wiki. Also confirm the Feishu connector's credentials are managed securely by your environment (the skill itself does not declare or request separate secrets).

Review Dimensions

Purpose & Capability
ok: The name/description (Feishu meeting summaries, knowledge sinking, search) match the runtime instructions, which call Feishu-specific operations (feishu_fetch_doc, feishu_create_doc, feishu_update_doc, feishu_wiki_space_node) and describe writing to meetings/ and knowledge/ folders. Nothing requested in the SKILL.md is unrelated to that purpose.
Instruction Scope
ok: Instructions are narrowly scoped to reading Feishu meeting text, extracting structured summaries, persisting them into the configured wiki/meetings and knowledge folders, and confirming links. They do not instruct the agent to read unrelated local files, environment variables, or to transmit data to non-Feishu endpoints. The requirement to always preserve original links and to verify after write is explicit.
Install Mechanism
ok: This is an instruction-only skill with no install spec or bundled code. The SKILL.md tells the user to install an external Feishu plugin (official tool) before use; that is appropriate for a Feishu-integrated skill and avoids arbitrary downloads or archive extraction.
Credentials
note: The skill declares no required env vars or credentials, which is consistent because it relies on a separate Feishu plugin/connector for authentication. Users should verify that the Feishu plugin / Gateway configuration provides only the necessary Feishu read/write permissions (wiki space and document create/update) and that no unrelated credentials are granted.
Persistence & Privilege
ok: always is false and there is no install-time persistence or modification of other skills. The skill's behavior requires creating and overwriting Feishu docs in the user's wiki space — this is expected for its purpose but means it needs write permission in Feishu; there is no indication it modifies agent/system configuration.