feishu-send-file 安全扫描报告 — 可信 | ClawSafe

5 /100

feishu-send-file

Send files, images, and audio messages via Feishu Lark API using the mandatory two-step process

This is a documentation-only Feishu messaging skill with no executable scripts. It provides legitimate API integration guidance with proper security practices for credential handling.

技能名称feishu-send-file

分析耗时32.2s

引擎pi

✓

可以安装

No action required. The skill is safe to use as documented.

安全发现 1 项

严重性	安全发现	位置
低危	Documentation references non-existent scripts 文档欺骗 SKILL.md references scripts like ./scripts/send-message.sh, ./scripts/send-image.sh, ./scripts/send-file.sh that are documented but not included in the package. Users must implement these themselves based on the documentation examples. `./scripts/send-message.sh text "你好主人！"` → Either include the actual shell scripts or clarify that users must implement them. Consider adding a scripts/ directory with the actual implementation.	`SKILL.md:50`

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`NONE`	—	No file operations in code
网络访问	`READ`	`READ`	✓ 一致	Documentation shows read-only API calls to open.feishu.cn
命令执行	`NONE`	`NONE`	—	No shell scripts present in the package
环境变量	`NONE`	`NONE`	—	Environment variables mentioned in docs for config only
技能调用	`NONE`	`NONE`	—	No skill invocation
剪贴板	`NONE`	`NONE`	—	No clipboard access
浏览器	`NONE`	`NONE`	—	No browser access
数据库	`NONE`	`NONE`	—	No database access

10 项发现

🔗

中危外部 URL 外部 URL

https://open.feishu.cn/open-apis/im/v1/images

MESSAGE_TYPES.md:50

🔗

中危外部 URL 外部 URL

https://open.feishu.cn/open-apis/im/v1/files

MESSAGE_TYPES.md:98

🔗

中危外部 URL 外部 URL

https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal

MESSAGE_TYPES.md:230

🔗

中危外部 URL 外部 URL

https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=open_id

MESSAGE_TYPES.md:255

🔗

中危外部 URL 外部 URL

https://open.feishu.cn/app

README.md:77

🔗

中危外部 URL 外部 URL

https://open.feishu.cn/open-apis/im/v1/messages/:message_id/reply

SKILL.md:132

🔗

中危外部 URL 外部 URL

https://open.feishu.cn/document/server-docs/im-v1/image/create

SKILL.md:514

🔗

中危外部 URL 外部 URL

https://open.feishu.cn/document/server-docs/im-v1/file/create

SKILL.md:515

🔗

中危外部 URL 外部 URL

https://open.feishu.cn/document/server-docs/im-v1/message/create

SKILL.md:516

📧

提示邮箱邮箱地址

[email protected]

SKILL.md:253

目录结构

6 文件 · 27.8 KB · 1044 行

Markdown 5f · 1030L JSON 1f · 14L

├─ 📝 CONTRIBUTING.md Markdown 25L · 657 B

├─ 📝 MESSAGE_TYPES.md Markdown 307L · 8.0 KB

├─ 📝 README.md Markdown 125L · 3.3 KB

├─ 📝 SECURITY.md Markdown 56L · 1.1 KB

├─ 📋 skill.json JSON 14L · 486 B

└─ 📝 SKILL.md Markdown 517L · 14.2 KB

安全亮点

✓ No executable code present - documentation only

✓ Credentials handled through environment variables (recommended pattern)

✓ config.json explicitly added to .gitignore to prevent accidental credential commits

✓ No hardcoded credentials in documentation or code

✓ All network calls target only official Feishu API endpoints (open.feishu.cn)

✓ Clear two-step upload-then-send workflow properly documented

✓ Security best practices outlined in SECURITY.md

✓ No suspicious patterns: no base64, no eval(), no reverse shells, no credential harvesting

✓ MIT license with proper attribution