Safety Report

Feishu Workspace

Name: Feishu Workspace
Author: xiaonizhou-crypto

Use when the user wants to work with Feishu Docs, Wiki, or Bitable for practical team workflows such as meeting notes, knowledge lookup, and project tracking.

25Downloads

0Installs

0Stars

1Versions

Workflow Automation3,323 Search & Retrieval2,116 Calendar & Scheduling1,462 Documentation1,163

Security Analysis

medium confidence

Suspicious0.08 risk

The skill's stated purpose is to read/write Feishu Docs/Wiki/Bitable, but it declares no credentials or install steps and the runtime instructions are vague about how API access will occur — coherent intent but under-specified and potentially misleading.

Mar 14, 20263 files3 concerns

Purpose & Capabilitynote

The name/description explicitly target Feishu Docs, Wiki, and Bitable (read/write/search). That purpose normally requires Feishu app credentials or a connector. The skill is instruction-only and requests no env vars or credentials — plausible if the platform already provides a Feishu connector, but the registry metadata does not state that. This is an under-specification rather than an outright mismatch.

Instruction Scopenote

SKILL.md stays on-topic (search wiki, write docs, map bitable fields) and does not instruct reading unrelated system files or secrets. However the instructions are high-level and assume the agent can inspect table metadata and perform reads/writes given a URL — it does not specify which endpoints to call or how to obtain access. The vagueness grants the agent broad discretion to attempt Feishu API calls or to ask for credentials, which should be explicit.

Install Mechanismok

No install spec and no code files are included (instruction-only). This is the lowest-risk delivery mechanism and consistent with a guidance-style skill.

Credentialsconcern

The skill declares no required env vars or primary credential despite describing read/write operations that typically need Feishu app tokens and scopes. Absence of explicit credential requirements is surprising and could mislead users about what will be needed or what the agent will request at runtime.

Persistence & Privilegeok

always is false and model invocation is allowed (platform default). The skill does not request elevated persistence or to modify other skills or system-wide settings.

Guidance

This skill documents how an agent should work with Feishu content but does not declare how it will obtain API access. Before installing or enabling it: confirm whether your OpenClaw agent or platform already has a Feishu connector (and what scopes it exposes), or whether you'll need to supply Feishu app credentials. Ask the skill author to declare required env vars and exact Feishu API scopes (read/write for Docs, Wiki search, Bitable field write) and to explain where data is sent. If the agent will act autonomously, restrict granted Feishu scopes to the minimum needed and test with a non-production workspace first. Refuse to provide broad account-level tokens until those details are clarified.

Latest Release

v0.1.0

Initial release of Feishu Workspace skill. - Enables workflows with Feishu Docs, Wiki, and Bitable for team productivity. - Supports writing, updating, and searching docs, wikis, and structured Bitable records. - Provides clear guidelines for preferred workflows and output style. - Includes practical use cases (meeting notes, project tracking, action items). - Adds transparent failure handling instructions for common access or operation issues.

Popular Skills

self-improving-agent

@pskoett · 1,456 stars

Gog

@steipete · 672 stars

Tavily Web Search

@arun-8687 · 620 stars

Find Skills

@JimLiuxinghai · 529 stars

Proactive Agent

@halthelobster · 426 stars

Summarize

@summarize · 415 stars

Published by @xiaonizhou-crypto on ClawHub