feishu-operations
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a user follows these steps carelessly, an automation could send unwanted notifications or modify Feishu records.
The guide teaches users to configure Feishu automation actions that can send messages or change records. This is expected for a Feishu operations guide, but misconfigured automations could affect a workspace.
执行动作 - 发送通知 - 更新字段 - 创建记录 - 发送消息
Test automations on non-critical data first, keep triggers narrow, review recipients and update actions, and avoid loops or broad workspace-wide changes.
Poorly protected or over-scoped API keys could let others access or modify connected workspace data.
The guide includes API-key-based integration steps. This is purpose-aligned, but API keys and app authorizations are sensitive and may grant access to Feishu or third-party data.
自定义集成 **API集成** 1. 获取API密钥 2. 调用API接口 3. 处理响应数据 4. 集成到飞书
Use least-privilege app permissions, keep API keys and webhook URLs secret, rotate exposed keys, and enable Feishu webhook security settings where available.