Feishu Doc Orchestrator
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill mostly matches its Feishu document-conversion purpose, but it ships real-looking Feishu credentials and stores broad OAuth tokens, so it should be reviewed before use.
Before installing, remove the bundled Feishu config files, rotate any exposed app secret, configure your own Feishu app with minimal scopes, and understand that the skill can create/edit Feishu documents, change permissions, upload referenced local images, and leave tokens plus workflow logs on disk.
Static analysis
Static analysis findings are pending for this release.
VirusTotal
No VirusTotal findings for this skill version.
- Malicious: 0
- Suspicious: 0
- Harmless: 0
- Undetected: 64
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may use bundled application credentials instead of credentials the user intentionally configured, and the included secret may already be exposed.
The package includes a real-looking Feishu App ID and App Secret, not just a placeholder template, while registry metadata declares no primary credential.
FEISHU_APP_ID=cli_a90...
FEISHU_APP_SECRET=BS3x...
FEISHU_API_DOMAIN=https://open.feishu.cn
Remove bundled secrets, rotate the exposed Feishu app secret, ship only a template config, and require users to provide their own credentials through a declared configuration path or environment variables.
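A pre-install check for this finding, added here as an example and not part of the skill or of ClawScan: it parses a dotenv-style config, flags credential keys whose values do not look like placeholders, and a loader that accepts credentials only from the caller's environment. The two config texts are constructed for the example (the values are invented, not the ones found in the package), and the placeholder patterns are an assumption about what a template looks like.

```python
import re

# Constructed sample: a config with real-looking values (invented here, not the
# package's actual credentials) and a template with placeholders.
SAMPLE_BUNDLED_CONFIG = """\
FEISHU_APP_ID=cli_a1b2c3d4e5f6g7h8
FEISHU_APP_SECRET=AbCdEfGhIjKlMnOpQrStUvWxYz012345
FEISHU_API_DOMAIN=https://open.feishu.cn
"""

SAMPLE_TEMPLATE_CONFIG = """\
FEISHU_APP_ID=<your-app-id>
FEISHU_APP_SECRET=${FEISHU_APP_SECRET}
FEISHU_API_DOMAIN=https://open.feishu.cn
"""

CREDENTIAL_KEYS = ("FEISHU_APP_ID", "FEISHU_APP_SECRET")

# Assumed placeholder shapes: empty, <...>, ${VAR}/$VAR, or a "fill me in" word.
PLACEHOLDER_RE = re.compile(
    r"^\s*$|^<.*>$|^\$\{?[A-Z_]+\}?$|^(your|changeme|replace|todo|xxx+|placeholder|example)",
    re.IGNORECASE,
)


def parse_dotenv(text):
    """Parse KEY=VALUE lines; blank lines and # comments are ignored."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        values[key.strip()] = value.strip().strip("'\"")
    return values


def find_bundled_credentials(config_text):
    """Return the credential keys whose values look real rather than templated."""
    values = parse_dotenv(config_text)
    return [
        key for key in CREDENTIAL_KEYS
        if key in values and not PLACEHOLDER_RE.match(values[key])
    ]


def load_credentials_from_env(environ):
    """Take credentials only from the user's environment and fail closed if absent,
    so a config file shipped inside the package can never be used silently."""
    missing = [key for key in CREDENTIAL_KEYS if not environ.get(key)]
    if missing:
        raise RuntimeError(f"missing Feishu credentials in environment: {missing}")
    return {key: environ[key] for key in CREDENTIAL_KEYS}


if __name__ == "__main__":
    print("bundled:", find_bundled_credentials(SAMPLE_BUNDLED_CONFIG))
    print("template:", find_bundled_credentials(SAMPLE_TEMPLATE_CONFIG))
```

Run `find_bundled_credentials` over every config file in the package before installing; any key it returns is a secret that should be removed from the package and rotated at the Feishu side.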
A saved token can continue granting Feishu document access after the initial run, and compromise of the local token file could expose the user's Feishu account permissions.
The OAuth flow requests broad document/drive permissions plus offline access and persists access/refresh tokens to a local JSON file.
scope = 'drive:drive docs:doc docx:document docs:permission.member:create offline_access' ... 'refresh_token': token_data.get('refresh_token') ... with open(token_path, 'w'
Use the minimum required Feishu scopes, store tokens with restricted file permissions or a credential store, clearly declare the token file path, and let users revoke or delete tokens easily.
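The hardened counterpart to the token handling shown in the evidence, added as an example (not the skill's own code): the requested scope string is compared against an allow-list, and the token file is created with owner-only permissions and replaced atomically instead of being opened with a plain `open(token_path, 'w')` that inherits the umask. The allow-list `ALLOWED_SCOPES` is an assumption for a create-documents-only deployment; which scopes a given Feishu app really needs has to be decided per use.

```python
import json
import os
import stat
import tempfile

# The scope string the finding shows the skill requesting.
REQUESTED_SCOPES = "drive:drive docs:doc docx:document docs:permission.member:create offline_access"

# Assumed minimal allow-list for a deployment that only creates documents.
ALLOWED_SCOPES = {"docx:document"}


def excess_scopes(requested, allowed):
    """Return the scopes requested beyond the allow-list, in request order."""
    return [scope for scope in requested.split() if scope not in allowed]


def save_token_file(token_path, token_data):
    """Write token JSON with mode 0600 and replace the target atomically.

    os.open applies the mode at creation, so the file is never group/world
    readable even briefly (the umask can only remove bits from 0o600); the
    temp-then-rename means a crash cannot leave a half-written token.
    Returns the resulting mode bits on POSIX, None elsewhere.
    """
    tmp_path = token_path + ".tmp"
    fd = os.open(tmp_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(token_data, fh)
    except BaseException:
        os.unlink(tmp_path)
        raise
    os.replace(tmp_path, token_path)
    if os.name != "posix":
        return None
    return stat.S_IMODE(os.stat(token_path).st_mode)


def load_token_file(token_path):
    """Refuse a token file other local users can read: treat it as compromised."""
    if os.name == "posix":
        mode = stat.S_IMODE(os.stat(token_path).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise PermissionError(f"{token_path} is readable by other users (mode {oct(mode)})")
    with open(token_path, encoding="utf-8") as fh:
        return json.load(fh)


def demo():
    """Round-trip a constructed token through a temporary directory."""
    with tempfile.TemporaryDirectory() as directory:
        path = os.path.join(directory, "feishu_token.json")
        mode = save_token_file(path, {"access_token": "t-example", "refresh_token": "r-example"})
        data = load_token_file(path)
        return mode, data["refresh_token"]


if __name__ == "__main__":
    print("excess scopes:", excess_scopes(REQUESTED_SCOPES, ALLOWED_SCOPES))
    print("saved with mode / refresh token:", demo())
```

Revocation is then just deleting the file at the declared `token_path` and revoking the app's authorization in Feishu; `load_token_file` makes a later run fail loudly if the file's permissions have been widened in the meantime.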
Feishu browser login state may remain on disk after verification, which is convenient but sensitive.
The verifier is documented as using Playwright and automatically saving login state, which can persist browser session material.
Playwright document verification (login state is saved automatically)
Use a dedicated browser profile/account for verification and document where login state is stored and how to delete it.
Any local image path included in the Markdown can be uploaded to Feishu as part of document creation.
Local image files referenced by the Markdown conversion flow are opened and uploaded to the Feishu media API.
with open(image_path, 'rb') as f: ... requests.post(url, headers=headers, files=files, data=data)
Only convert trusted Markdown files, review local image references before running, and add file-type/size/path validation before upload.
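The validation step this recommendation asks for, as an added example rather than the skill's code: before an image referenced from the Markdown is opened and posted to the media API, the reference is checked to be relative, to resolve (after symlinks) inside the Markdown file's directory, to carry an allowed image extension, to start with a matching image signature, and to be under a size limit. The limit, the allowed types and the sample file tree are assumptions constructed for the example.

```python
import os
import tempfile
from pathlib import Path

MAX_IMAGE_BYTES = 10 * 1024 * 1024  # assumed limit, not a Feishu figure
ALLOWED_SUFFIXES = {".png", ".jpg", ".jpeg", ".gif"}
# File signatures for the allowed formats, so a renamed non-image is rejected.
MAGIC = (b"\x89PNG\r\n\x1a\n", b"\xff\xd8\xff", b"GIF87a", b"GIF89a")


def validate_image_ref(markdown_dir, ref, max_bytes=MAX_IMAGE_BYTES):
    """Return the resolved path if `ref` is a safe local image, else raise ValueError."""
    if "://" in ref or os.path.isabs(ref) or ref.startswith(("/", "\\", "~")):
        raise ValueError(f"non-local or absolute image reference: {ref!r}")
    base = Path(markdown_dir).resolve()
    candidate = (base / ref).resolve()  # follows symlinks, collapses ..
    if base not in candidate.parents:
        raise ValueError(f"image escapes Markdown directory: {ref!r}")
    if candidate.suffix.lower() not in ALLOWED_SUFFIXES:
        raise ValueError(f"disallowed image type: {ref!r}")
    if not candidate.is_file():
        raise ValueError(f"not a regular file: {ref!r}")
    size = candidate.stat().st_size
    if size > max_bytes:
        raise ValueError(f"image too large ({size} bytes): {ref!r}")
    with open(candidate, "rb") as fh:
        head = fh.read(8)
    if not head.startswith(MAGIC):
        raise ValueError(f"file header is not an allowed image format: {ref!r}")
    return candidate


def demo():
    """Constructed tree: a real PNG header, a text file renamed .png, and refs
    that traverse out of the tree, are absolute, or are URLs."""
    results = {}
    with tempfile.TemporaryDirectory() as directory:
        docs = Path(directory) / "docs"
        docs.mkdir()
        (docs / "diagram.png").write_bytes(b"\x89PNG\r\n\x1a\n" + b"\x00" * 32)
        (docs / "notes.png").write_bytes(b"this is not an image")
        (Path(directory) / "secret.txt").write_text("outside the docs tree")
        refs = ["diagram.png", "notes.png", "../secret.txt",
                "/etc/passwd", "https://example.invalid/x.png"]
        for ref in refs:
            try:
                validate_image_ref(docs, ref)
                results[ref] = "ok"
            except ValueError as exc:
                results[ref] = str(exc).split(":")[0]
    return results


if __name__ == "__main__":
    for ref, outcome in demo().items():
        print(f"{ref!r}: {outcome}")
```

Only a reference that passes every check should reach the `open(image_path, 'rb')` and `requests.post(...)` step; everything else is reported and skipped rather than uploaded.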
Converted document content, document links, and run metadata may remain on disk after the task finishes.
The workflow intentionally persists parsed document blocks, document metadata, and logs under the local workflow directory.
The result of every step is saved to the `workflow/` directory ... blocks.json ... CREATED_DOCS.md + created_docs.json
Treat the workflow directory as sensitive, avoid converting confidential documents in shared folders, and delete intermediate files/logs when no longer needed.
Users who follow the setup will install packages from external sources without version pinning.
The README recommends manual installation of unpinned Python packages and a browser runtime, while no install spec declares or pins them.
pip install playwright requests lark-oapi
playwright install chromium
Install in a virtual environment, pin dependency versions, and prefer a reviewed lockfile or declared install specification.
