Scan Report
5 /100
feishu-report-summary
Read Feishu work-report data through the Report v1 API and turn it into daily or weekly summaries
A legitimate Feishu report integration skill that reads work-report data via official APIs and produces summaries; no malicious behavior detected.
Safe to install
This skill is safe to use. Continue with standard deployment.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | Reads ~/.openclaw/openclaw.json for Feishu credentials - declared in SKILL.md |
| Network | READ | READ | ✓ Aligned | Makes outbound calls only to Feishu/Lark Report API endpoints - declared in SKIL… |
| Shell | WRITE | WRITE | ✓ Aligned | Executes node scripts/fetch_report_tasks.js as declared |
File Tree
4 files · 23.5 KB · 767 lines JavaScript 1f · 677L
Markdown 2f · 86L
YAML 1f · 4L
├─
▾
agents
│ └─
openai.yaml
YAML
├─
▾
references
│ └─
summary-template.md
Markdown
├─
▾
scripts
│ └─
fetch_report_tasks.js
JavaScript
└─
SKILL.md
Markdown
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
@larksuiteoapi/node-sdk | * | bundled | No | Loaded from openclaw installation, not directly vendored |
Security Positives
✓ Uses official @larksuiteoapi/node-sdk for all API interactions
✓ All capabilities declared in SKILL.md match implementation
✓ No credential exfiltration - appId/appSecret used only for Feishu API authentication
✓ No base64, obfuscation, or suspicious encoding patterns
✓ No arbitrary command execution - execFileSync used only for path resolution (npm root, which)
✓ Clean error handling with informative failure messages
✓ No sensitive path access beyond declared config location
✓ Output limited to local file/stdout as specified