Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Feishu Literature Manager

v1.1.1

Automated literature retrieval and Feishu Bitable management. Use when user requests to create a literature database, search PubMed for specific topics, or m...

MIT-0
Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's purpose is to create and populate Feishu Bitable records from PubMed. That capability justifies the included PubMed search and XML parsing code. However, the SKILL.md clearly requires an app_token/table_id to create fields and records in Feishu, yet the registry metadata lists no required environment variables or primary credential. The SKILL.md also instructs parsing a table URL to obtain an app_token — this may be possible for some Feishu share URLs but is not guaranteed and is not documented in the package metadata. The absence of any declared Feishu credential requirement is an incoherence.
Instruction Scope
Instructions describe full workflow (search, parse, translate, create 17 fields, set table permissions to full_access, batch processing, saving state for resumption). These steps stay within the claimed purpose, but several operational directives are open-ended: 'save state (PMIDs retrieved, current batch)' with no persistence mechanism specified; 'translate titles and abstracts' with no translation service or credential described; and setting 'table permissions (full_access)' which requires high privileges. The SKILL.md also recommends parallel API calls (5–10 concurrent creates) — efficient but increases risk if credentials are mishandled or if Feishu rate limits exist.
Install Mechanism
No install spec (instruction-only plus small helper scripts). No downloads or external installers, so there is low risk from installation. Python helper scripts are included but not automatically installed; they appear to be utility code for parsing/fetching PubMed data.
Credentials
The skill will need access to Feishu (app_token/app credentials or a writable table URL) to create fields/records and to set permissions, but the declared requirements list no env vars or credentials. The SKILL.md example uses parameters like feishu_bitable_create_field(app_token="app_token", table_id="table_id"), implying an app_token is required; the metadata's omission of any Feishu credential is disproportionate and unexplained. Additionally, the skill requests setting 'full_access' permissions on tables — that requires elevated rights and should be explicitly justified and limited. The skill also calls external PubMed APIs (no key required) and suggests translation steps but doesn't declare which translation service (and any required credentials) will be used.
Persistence & Privilege
The 'always' flag is false and the skill is user-invocable; it does not request permanent 'always' presence. However, SKILL.md asks to 'save state' for resumption; how and where this state is stored is unspecified. That is an operational omission but not an immediate privilege escalation in the metadata.
What to consider before installing
Before installing, ask the author or publisher how Feishu credentials (app_token, app secret, or OAuth) are provided and stored — the registry metadata claims no required env vars but the README/examples clearly need an app_token and the ability to set table permissions. Confirm whether the skill will ask you to paste a writable table URL (and whether that URL actually contains a usable token) or whether you must supply credentials manually. Insist on least-privilege: prefer a Feishu app token limited to only the target table and write scope, not an org-wide admin token. Verify where 'saved state' (PMIDs, batches) will be stored and ensure it won't persist credentials or sensitive data. If you care about data exposure, review the code paths that build feishu_bitable_create_record calls and where tokens/URLs are logged or stored; you may also want the skill to avoid setting 'full_access' automatically and instead request explicit permission for any permission changes. Finally, confirm expected translation service and quota/parallel-call behavior to avoid accidental rate-limits or heavy concurrency that could cause failures or unintended writes.



