feishu-doc-block-writer Security Report — Trusted | ClawSafe

5 /100

feishu-doc-block-writer

飞书文档 Block 拆分写入技能 - 自动将长内容拆分为多个 Blocks 写入飞书文档

This is a documentation-only AI skill package with no executable scripts. The skill consists only of markdown documentation files describing a Feishu document block-writer tool — no malicious code, credential access, network calls, or obfuscation detected.

Skill Namefeishu-doc-block-writer

Duration31.6s

Enginepi

✓

Safe to install

This skill is safe to use. No executable scripts were found in the package. If scripts are expected, ensure they are reviewed separately when added.

Resource	Declared	Inferred	Status	Evidence
Filesystem	`NONE`	`NONE`	—	No script files present in the package
Network	`NONE`	`NONE`	—	Only references external feishu.cn URLs in documentation examples
Shell	`NONE`	`NONE`	—	No shell execution code found
Environment	`NONE`	`NONE`	—	No environment variable access detected
Skill Invoke	`NONE`	`NONE`	—	Skill describes feishu_doc tool usage but contains no invoke code
Clipboard	`NONE`	`NONE`	—	No clipboard access detected
Browser	`NONE`	`NONE`	—	No browser automation code detected
Database	`NONE`	`NONE`	—	No database access detected

3 findings

🔗

Medium External URL 外部 URL

https://feishu.cn/wiki/W5udwK8V7ip7bskn3EhcPTbOnOp

QUICK-REFERENCE.md:74

🔗

Medium External URL 外部 URL

https://applink.feishu.cn/doc/abc123xyz

QUICK-REFERENCE.md:138

🔗

Medium External URL 外部 URL

https://scns3ak4jrto.feishu.cn/docx/ABCxyz123456

SKILL.md:232

File Tree

4 files · 21.9 KB · 1001 lines

Markdown 3f · 982L JSON 1f · 19L

├─ 📝 QUICK-REFERENCE.md Markdown 192L · 4.3 KB

├─ 📋 skill.json JSON 19L · 490 B

├─ 📝 SKILL.md Markdown 536L · 11.5 KB

└─ 📝 TEST-REPORT.md Markdown 254L · 5.7 KB

Security Positives

✓ Documentation-only package — no executable code present

✓ No credential theft, credential harvesting, or environment variable enumeration

✓ No network exfiltration, C2 communication, or external IP calls

✓ No obfuscation, base64-encoded execution, or anti-analysis techniques

✓ No supply chain risks — no dependencies (no requirements.txt, package.json, Cargo.toml, etc.)

✓ No persistence mechanisms (no cron, startup hooks, or backdoor installation)

✓ No sensitive file access (~/.ssh, ~/.aws, .env, etc.)

✓ No prompt injection or jailbreak instructions

✓ External URLs in documentation are only legitimate feishu.cn example links

✓ No reverse shell, RCE, or arbitrary command execution indicators

✓ Skill metadata (skill.json) is properly structured with clear author and version info

✓ SKILL.md documentation is thorough and accurately describes the expected behavior

Scan Report

File Tree

Security Positives