ClawHub

Feishu

v1.0.5

飞书深度集成技能。不是简单的消息桥接,而是你的数字指挥中枢。专为中国企业高压协作环境设计,理解“分寸”与“效率”两套并行规则,把消息、审批、会议、文档、多维表格、日程与邮箱,压缩成有优先级、可执行的行动链。

3· 3.1k·42 current·45 all-time
by@agisearch
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description claim deep Feishu integration and the skill only requests FEISHU_APP_ID and FEISHU_APP_SECRET, which are the expected credentials for a Feishu API integration. No unrelated env vars, binaries, or config paths are requested. Minor metadata inconsistency: initial top-level metadata listed no homepage/source, but skill.json contains a GitHub homepage — this is a small provenance gap but not a technical mismatch.
Instruction Scope
The SKILL.md is an instruction-only orchestrator: it defines a handshake (default read-only 'Counselor' mode) and describes read and optional write behaviors. It does not instruct reading arbitrary host files or unrelated environment variables. Runtime network I/O and Feishu access are expected to go through the host platform's Feishu Connector (the skill assumes the connector will perform API calls).
Install Mechanism
No install spec and no code files with executable install steps — the skill is instruction-only, so nothing will be written to disk or pulled from third-party URLs during installation.
Credentials
Requiring FEISHU_APP_ID and FEISHU_APP_SECRET is proportionate to the claimed functionality. The primaryEnv is declared consistently. There are no additional secrets requested that would be unexpected for a Feishu integration.
Persistence & Privilege
always is false (normal). The skill allows autonomous invocation by design (platform default). The SKILL.md supports an execution mode that can perform writes after user authorization; this is a legitimate capability but increases risk if you enable it without understanding the exact actions the host connector will perform. The skill does not itself persist credentials (instruction-only).
Assessment
This skill appears coherent: it asks only for the Feishu app id/secret and provides a clear default read-only handshake. Before installing, verify the following: 1) confirm which host 'Feishu Connector' will be used and how it stores/uses FEISHU_APP_SECRET (avoid sending secrets to unknown third-party connectors); 2) keep the default 'Counselor' (read-only) mode until you test outputs and understand what write actions the execution mode can perform; 3) if provenance matters, ask the publisher for the source repo or cryptographic provenance (skill.json lists a GitHub homepage but the package source was 'unknown'); 4) rotate the FEISHU_APP_SECRET if you later remove the skill or suspect misuse. If you want, provide the platform connector details and I can review whether the connector's API calls and scopes are appropriate for this skill.

Like a lobster shell, security has layers — review code before you run it.

chinavk97eq1xj5kc707nsgytf9tsd2982jaapcollaborationvk97eq1xj5kc707nsgytf9tsd2982jaapenterprisevk97eq1xj5kc707nsgytf9tsd2982jaapfeishuvk97eq1xj5kc707nsgytf9tsd2982jaaplarkvk97eq1xj5kc707nsgytf9tsd2982jaaplatestvk973p3s0dt1wygt57668cb16a582p0zf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvFEISHU_APP_ID, FEISHU_APP_SECRET
Primary envFEISHU_APP_ID

Comments