Feishu Toolkit
Review
Audited by ClawScan on May 10, 2026.
Overview
This Feishu integration is broadly purpose-aligned, but it asks for powerful Feishu credentials and enables document, chat, file, screenshot, permission, and scheduled-message actions without clearly scoping or confirming all high-impact operations.
Install only if you are comfortable giving the agent a dedicated Feishu app credential. Limit the app to the minimum Feishu scopes needed, confirm every document write, file/screenshot send, permission change, and scheduled reminder, and avoid using broad tenant/admin permissions for routine tasks.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If installed and used with a powerful Feishu app, the agent may gain broad delegated access to company documents, chats, files, and permissions.
The skill requires Feishu app credentials even though the registry metadata declares no required env vars or primary credential; those credentials can obtain a tenant access token for workspace-level API operations.
env:
  FEISHU_APP_ID: "Your Feishu app ID (from open.feishu.cn)"
  FEISHU_APP_SECRET: "Your Feishu app secret"
Use a dedicated Feishu app with the minimum required scopes, avoid tenant-wide or admin-level permissions unless necessary, and rotate the app secret if it may have been exposed.
A mistaken or autonomous invocation could overwrite shared Feishu documents.
The skill documents direct write/overwrite operations against Feishu documents, but the artifacts do not require confirmation, preview, backup, or rollback before destructive document changes.
Write (Overwrite) a Document ... POST /open-apis/docx/v1/documents/{document_id}/blocks/batch_update
Require explicit user approval before document overwrite or bulk write actions, and prefer append/create workflows or backups for important documents.
The agent could grant, escalate, or remove access to Feishu documents and files if given suitable credentials.
The skill enables adding and removing collaborators and granting full access, but only says to use caution and does not define approval, scoping, or recovery requirements.
Permission Management — List, add, remove document collaborators ... `full_access` | Full access (can manage permissions)
Require user confirmation for every permission change, show the target document and recipient before acting, and avoid granting full_access unless explicitly requested.
Private team messages could be brought into the agent context, and chat content could influence summaries or later reasoning if not handled carefully.
Group chat history is sensitive retrieved context and may include untrusted user-generated text; the skill does not state boundaries for which chats to read or how to treat retrieved messages safely.
Chat History — Fetch and summarize group chat messages ... If `has_more=true`, fetch more pages using `page_token`.
Fetch only user-specified chats and time ranges, treat chat content as untrusted data, and avoid storing or reusing chat summaries beyond the user’s request.
A screenshot may include private data from the user’s screen and send it to a Feishu chat.
Screenshot capture and upload is disclosed and purpose-aligned, but it can expose sensitive on-screen information if invoked without careful user direction.
Capture macOS screenshots and send to Feishu ... screencapture -x "$SCREENSHOT_PATH" ... Send image message
Confirm the target chat and allow the user to review or retake screenshots before sending.
Scheduled reminders may continue sending messages after the original interaction unless the user manages or removes them.
The skill can create persistent recurring reminders through cron, but it explicitly instructs the agent to confirm frequency and target first.
Cron Reminders ... **Always confirm with the user** ... cron add --name "<task_name>" --every "<interval>" --session main --system-event
Create scheduled reminders only after explicit approval, name them clearly, and tell the user how to list and remove them.
