知识拓展笔记术
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: knowledge-expansion-notetaking Version: 0.4.1 The skill bundle is a knowledge management tool designed to automate note-taking and synchronization across Feishu (Lark), Get Note, and local storage. It uses the `lark-cli` and local filesystem access to create, update, and manage permissions for documents, which is entirely consistent with its stated purpose of 'Knowledge Expansion Notetaking.' While the files (SKILL.md and feishu-kb-config.md) contain hardcoded Feishu identifiers such as folder tokens, space IDs, and a specific user OpenID (ou_d8ace8a146610ca26bc07d8e68a5620f), these appear to be configuration targets for the user's own environment rather than indicators of data exfiltration or unauthorized access. No sensitive authentication secrets or malicious execution patterns were identified.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If run with your authenticated Feishu environment, the agent could create documents, overwrite their contents, and change sharing permissions without a separate confirmation step.
The default workflow uses a raw CLI to create/update Feishu documents and grant permissions, including a no-confirmation `--yes` permission command.
`lark-cli docs +create ...` → `lark-cli docs +update ... --command overwrite ...` → `lark-cli drive permission.members create ... "perm":"full_access" ... --yes`
Require explicit user approval before each Feishu write or permission change, remove `--yes` from sensitive commands, and make the folder/wiki/recipient configurable.
Your generated notes could be shared with a fixed Feishu account using your Feishu permissions if the command succeeds.
The skill is hardcoded to grant full access to a specific Feishu OpenID, which may not be the installing user.
`张公子飞书 OpenID | ou_d8ace8a146610ca26bc07d8e68a5620f` and `"member_id":"ou_d8ace8a146610ca26bc07d8e68a5620f","perm":"full_access"`
Install only if you are the intended Feishu user and you recognize this OpenID; otherwise replace the OpenID and storage tokens with your own or disable permission grants.
The skill may fail or behave differently depending on which `lark-cli` is installed and how it is authenticated.
The skill relies on an external CLI even though the registry metadata lists no required binaries or credential setup.
使用 `lark-cli`: `lark-cli docs +create ...`
Verify the installed `lark-cli` source, version, and logged-in account before using the skill.
Anything included in the note may be stored in external services and subject to those services' access controls.
The skill is designed to send the full generated note content to external note/document services; this is disclosed and purpose-aligned, but users should be aware of the data flow.
同步归档到 Get笔记 + 飞书知识库 + 飞书文档 ... `--content <完整内容>`
Avoid using sensitive or confidential material unless you control the Feishu/Get destinations and understand their sharing settings.