feishu-safety-guide
Enhances Feishu's security governance with anti-data-leakage measures, credential protection, and auditing capabilities.
Install this skill
or
64/100
Security score
The feishu-safety-guide skill was audited on May 20, 2026 and we found 8 security issues across 2 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
medium line 14
Webhook reference - potential data exfiltration
SourceSKILL.md
| 14 | **Credential Convention:** This Skill uses `$FS_TOKEN` to refer generally to Feishu API credentials, covering `app_access_token`, `tenant_access_token`, Webhook URLs, robot tokens and all high-privile |
medium line 29
Webhook reference - potential data exfiltration
SourceSKILL.md
| 29 | | **Credential Tampering and Leakage** | Writing plaintext `$FS_TOKEN` (app_access_token / tenant_access_token / Webhook URL) in chat messages, cloud documents, or multi-dimensional tables; modifying |
medium line 32
Webhook reference - potential data exfiltration
SourceSKILL.md
| 32 | | **Webhook Abuse** | Sending arbitrary data (including business data, system information) via Webhook URL to third-party platforms outside Feishu; POSTing data to Webhook endpoints without confirming |
medium line 45
Webhook reference - potential data exfiltration
SourceSKILL.md
| 45 | - Rotating `$FS_TOKEN` (app_secret updates, Webhook URL rebuilding) |
medium line 52
Webhook reference - potential data exfiltration
SourceSKILL.md
| 52 | In Feishu scenarios, the danger of malicious Skills/MCPs is: **a malicious Skill doesn't need root privileges, only a Feishu message sending permission to quietly forward sensitive information from th |
medium line 59
Webhook reference - potential data exfiltration
SourceSKILL.md
| 59 | - Whether there are hardcoded Feishu Webhook URLs |
low line 84
Webhook reference - potential data exfiltration
SourceSKILL.md
| 84 | Webhook URL : open\.feishu\.cn/open-apis/bot/v2/hook/ |
medium line 140
Access to hidden dotfiles in home directory
SourceSKILL.md
| 140 | Add the following rules to the **Memory** section of `~/.openclaw/workspace/AGENTS.md` file: |
Scanned on May 20, 2026
View Security Dashboard