ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Feishu Task Manager

v1.0.0

Manage Feishu tasks by creating, listing, completing, commenting, and organizing to-dos with assignees, due dates, and checklists.

0· 26·0 current·0 all-time
by@a3152557994-ship-it
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The SKILL.md and readme describe a straightforward Feishu (Lark) Task API integration (create/list/complete/comment tasks) which legitimately requires Feishu app credentials. However, the registry metadata lists no required environment variables or primary credential. The readme/skill also reference installing ‘feishu-task’ while the registry slug is 'feishu-task-mgr' — a name mismatch that reduces confidence in the package metadata.
Instruction Scope
Runtime instructions are limited to calling Feishu Task API endpoints and standard task operations (no instructions to read arbitrary system files or exfiltrate data). However, the configuration guidance is vague: it tells the user to “configure the credentials in your OpenClaw config” without naming the exact env var keys or where/how they are stored, which grants ambiguous freedom and could mask improper handling of secrets.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing is written to disk by an installer. That limits the attack surface compared with a skill that downloads or installs code.
!
Credentials
The skill clearly requires Feishu App ID and App Secret (both mentioned in readme/SKILL.md), but the registry metadata declares no required env vars or primary credential. Absence of declared credentials is an incoherence: the skill will need secrets to operate but the metadata provides no guidance about what keys will be read, how they'll be stored, or which permission scope is primary.
Persistence & Privilege
The skill does not request always:true, has no install hooks, and is user-invocable. There is no indication it attempts to modify other skills or system-wide settings.
What to consider before installing
This skill appears to do what it claims (use Feishu task APIs) but the metadata is sloppy about credentials and naming. Before installing: (1) ask the author which exact config keys or env var names the skill reads (e.g., FEISHU_APP_ID, FEISHU_APP_SECRET) and whether those are stored or transmitted anywhere; (2) prefer supplying the minimal API permissions the app needs and keep the app unpublished/internally scoped until you trust it; (3) confirm the correct ClawHub package name (feishu-task vs feishu-task-mgr) so you install the intended package; (4) if possible, test with a low-privilege Feishu app and monitor API usage for unexpected endpoints; and (5) avoid installing if you cannot get clear answers about where credentials are read/stored. If the maintainer can update the registry metadata to declare required env vars and primary credential, that would resolve the main coherence concern.

Like a lobster shell, security has layers — review code before you run it.

feishuvk97fk709yz61rrx1h5meqxhd4585abm6larkvk97fk709yz61rrx1h5meqxhd4585abm6latestvk97fk709yz61rrx1h5meqxhd4585abm6taskvk97fk709yz61rrx1h5meqxhd4585abm6todovk97fk709yz61rrx1h5meqxhd4585abm6
26downloads
0stars
1versions
Updated 17h ago
v1.0.0
MIT-0
@a3152557994-ship-it
feishularklatesttasktodo
Download

Feishu Task Manager

Manage Feishu (Lark) tasks and to-dos directly from your AI agent.

Overview

This skill integrates with the Feishu/Lark Task API, allowing you to:

  • Create tasks with assignees, due dates, and descriptions
  • List and query your tasks
  • Mark tasks as complete
  • Add comments to tasks
  • Manage task checklists

Installation

This skill is automatically installed when you install the feishu-task skill from ClawHub.

Configuration

Before using this skill, you need:

  1. A Feishu (Lark) account
  2. A Feishu application with Task permissions

Setting up Feishu App

  1. Go to Feishu Open Platform
  2. Create a new app or select existing app
  3. Enable the following permissions:
    • task:task:readonly
    • task:task:write
    • task:comment:read
    • task:comment:write
  4. Get your App ID and App Secret
  5. Configure the credentials in your OpenClaw config

Usage

Create a Task

Create a task titled "Review PR #42" assigned to @zhangsan, due tomorrow with priority high

List Tasks

Show me all my incomplete tasks
List tasks due this week

Complete a Task

Mark task #123456 as completed

Add Comment

Add comment "LGTM!" to task #123456

Examples

Example 1: Quick Task Creation

Human: Create a task for me to review the Q4 report, due Friday

Agent: (uses feishu_task_tool to create the task)

Example 2: Team Task Management

Human: Assign "Prepare presentation" to all team members, due next Monday

Agent: (creates tasks for each team member)

Example 3: Daily Review

Human: What tasks are due today?

Agent: (queries Feishu API, returns today's tasks)

Technical Details

API Endpoints Used

  • POST /open-apis/task/v2/tasks - Create task
  • GET /open-apis/task/v2/tasks - List tasks
  • PATCH /open-apis/task/v2/tasks/:task_guid - Update task
  • POST /open-apis/task/v2/tasks/:task_guid/complete - Complete task
  • GET /open-apis/task/v2/tasks/:task_guid/comments - Get comments
  • POST /open-apis/task/v2/tasks/:task_guid/comments - Add comment

Rate Limits

  • Standard Feishu API rate limits apply
  • Recommended: batch operations when possible

Troubleshooting

"Unauthorized" Error

  • Check your App ID and App Secret are correct
  • Ensure your app has the required permissions

"Task not found"

  • Verify the task GUID is correct
  • Check the task exists in your Feishu workspace

"Permission denied"

  • Re-check the permission settings in Feishu Open Platform
  • Ensure the app version is published

Changelog

1.0.0 (2026-04-22)

  • Initial release
  • Full task CRUD operations
  • Comment management
  • Assignee support

License

MIT-0

Comments

Loading comments...