feishu-doc-block-writer 安全扫描报告 — 可信 | ClawSafe

5 /100

feishu-doc-block-writer

飞书文档 Block 拆分写入技能 - 自动将长内容拆分为多个 Blocks 写入飞书文档

This is a documentation-only AI skill package with no executable scripts. The skill consists only of markdown documentation files describing a Feishu document block-writer tool — no malicious code, credential access, network calls, or obfuscation detected.

技能名称feishu-doc-block-writer

分析耗时31.6s

引擎pi

✓

可以安装

This skill is safe to use. No executable scripts were found in the package. If scripts are expected, ensure they are reviewed separately when added.

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`NONE`	—	No script files present in the package
网络访问	`NONE`	`NONE`	—	Only references external feishu.cn URLs in documentation examples
命令执行	`NONE`	`NONE`	—	No shell execution code found
环境变量	`NONE`	`NONE`	—	No environment variable access detected
技能调用	`NONE`	`NONE`	—	Skill describes feishu_doc tool usage but contains no invoke code
剪贴板	`NONE`	`NONE`	—	No clipboard access detected
浏览器	`NONE`	`NONE`	—	No browser automation code detected
数据库	`NONE`	`NONE`	—	No database access detected

3 项发现

🔗

中危外部 URL 外部 URL

https://feishu.cn/wiki/W5udwK8V7ip7bskn3EhcPTbOnOp

QUICK-REFERENCE.md:74

🔗

中危外部 URL 外部 URL

https://applink.feishu.cn/doc/abc123xyz

QUICK-REFERENCE.md:138

🔗

中危外部 URL 外部 URL

https://scns3ak4jrto.feishu.cn/docx/ABCxyz123456

SKILL.md:232

目录结构

4 文件 · 21.9 KB · 1001 行

Markdown 3f · 982L JSON 1f · 19L

├─ 📝 QUICK-REFERENCE.md Markdown 192L · 4.3 KB

├─ 📋 skill.json JSON 19L · 490 B

├─ 📝 SKILL.md Markdown 536L · 11.5 KB

└─ 📝 TEST-REPORT.md Markdown 254L · 5.7 KB

安全亮点

✓ Documentation-only package — no executable code present

✓ No credential theft, credential harvesting, or environment variable enumeration

✓ No network exfiltration, C2 communication, or external IP calls

✓ No obfuscation, base64-encoded execution, or anti-analysis techniques

✓ No supply chain risks — no dependencies (no requirements.txt, package.json, Cargo.toml, etc.)

✓ No persistence mechanisms (no cron, startup hooks, or backdoor installation)

✓ No sensitive file access (~/.ssh, ~/.aws, .env, etc.)

✓ No prompt injection or jailbreak instructions

✓ External URLs in documentation are only legitimate feishu.cn example links

✓ No reverse shell, RCE, or arbitrary command execution indicators

✓ Skill metadata (skill.json) is properly structured with clear author and version info

✓ SKILL.md documentation is thorough and accurately describes the expected behavior