feishu-send-file Security Report — Trusted | ClawSafe

5 /100

feishu-send-file

Send files, images, and audio messages via Feishu Lark API using the mandatory two-step process

This is a documentation-only Feishu messaging skill with no executable scripts. It provides legitimate API integration guidance with proper security practices for credential handling.

Skill Namefeishu-send-file

Duration32.2s

Enginepi

✓

Safe to install

No action required. The skill is safe to use as documented.

Findings 1 items

Severity	Finding	Location
Low	Documentation references non-existent scripts Doc Mismatch SKILL.md references scripts like ./scripts/send-message.sh, ./scripts/send-image.sh, ./scripts/send-file.sh that are documented but not included in the package. Users must implement these themselves based on the documentation examples. `./scripts/send-message.sh text "你好主人！"` → Either include the actual shell scripts or clarify that users must implement them. Consider adding a scripts/ directory with the actual implementation.	`SKILL.md:50`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`NONE`	`NONE`	—	No file operations in code
Network	`READ`	`READ`	✓ Aligned	Documentation shows read-only API calls to open.feishu.cn
Shell	`NONE`	`NONE`	—	No shell scripts present in the package
Environment	`NONE`	`NONE`	—	Environment variables mentioned in docs for config only
Skill Invoke	`NONE`	`NONE`	—	No skill invocation
Clipboard	`NONE`	`NONE`	—	No clipboard access
Browser	`NONE`	`NONE`	—	No browser access
Database	`NONE`	`NONE`	—	No database access

10 findings

🔗

Medium External URL 外部 URL

https://open.feishu.cn/open-apis/im/v1/images

MESSAGE_TYPES.md:50

🔗

Medium External URL 外部 URL

https://open.feishu.cn/open-apis/im/v1/files

MESSAGE_TYPES.md:98

🔗

Medium External URL 外部 URL

https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal

MESSAGE_TYPES.md:230

🔗

Medium External URL 外部 URL

https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=open_id

MESSAGE_TYPES.md:255

🔗

Medium External URL 外部 URL

https://open.feishu.cn/app

README.md:77

🔗

Medium External URL 外部 URL

https://open.feishu.cn/open-apis/im/v1/messages/:message_id/reply

SKILL.md:132

🔗

Medium External URL 外部 URL

https://open.feishu.cn/document/server-docs/im-v1/image/create

SKILL.md:514

🔗

Medium External URL 外部 URL

https://open.feishu.cn/document/server-docs/im-v1/file/create

SKILL.md:515

🔗

Medium External URL 外部 URL

https://open.feishu.cn/document/server-docs/im-v1/message/create

SKILL.md:516

📧

Info Email 邮箱地址

[email protected]

SKILL.md:253

File Tree

6 files · 27.8 KB · 1044 lines

Markdown 5f · 1030L JSON 1f · 14L

├─ 📝 CONTRIBUTING.md Markdown 25L · 657 B

├─ 📝 MESSAGE_TYPES.md Markdown 307L · 8.0 KB

├─ 📝 README.md Markdown 125L · 3.3 KB

├─ 📝 SECURITY.md Markdown 56L · 1.1 KB

├─ 📋 skill.json JSON 14L · 486 B

└─ 📝 SKILL.md Markdown 517L · 14.2 KB

Security Positives

✓ No executable code present - documentation only

✓ Credentials handled through environment variables (recommended pattern)

✓ config.json explicitly added to .gitignore to prevent accidental credential commits

✓ No hardcoded credentials in documentation or code

✓ All network calls target only official Feishu API endpoints (open.feishu.cn)

✓ Clear two-step upload-then-send workflow properly documented

✓ Security best practices outlined in SECURITY.md

✓ No suspicious patterns: no base64, no eval(), no reverse shells, no credential harvesting

✓ MIT license with proper attribution

Scan Report

Findings 1 items

File Tree

Security Positives