Article Workflow
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill’s article workflow is mostly coherent, but it needs review because it uses Feishu write credentials, contains token-like examples, and has a few under-disclosed automation and file-handling behaviors.
Before installing, verify the source and install.sh, replace or remove all token-like example values, declare/use your own Feishu credentials only for the intended table, and enable Heartbeat automation only if you want scheduled processing.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If these values are real or copied, they could expose or confuse access to a Feishu Bitable resource and blur which account/table the skill will write to.
The documentation includes realistic token/table-id values rather than placeholders. The skill also requires Feishu/Bitable credentials, while registry metadata declares no primary credential or required env vars.
"app_token": "FOKgbCL2FarkSusBCRkcz4JZnad", "table_id": "tblyYMAnktSwNQ2i"
Replace all token-like examples with obvious placeholders, rotate any real tokens that may have been published, and declare the Feishu/Bitable credential requirements in metadata.
Users may rely on the stated data boundary while temporary image files are actually written elsewhere on the local system.
This code creates a temp directory outside the skill folder, which conflicts with SKILL.md’s security statement that all data/log files stay under skills/article-workflow and that it does not access files outside the workspace.
def __init__(self, temp_dir: str = "/tmp/openclaw/covers"):
Update the security description to disclose /tmp usage or change the code to store temporary files under the skill’s data directory with cleanup controls.
A malicious article could try to influence the generated summary, tags, or archived content.
Arbitrary fetched article content is inserted into an LLM analysis prompt; the prompt does not explicitly tell the agent/model to treat article text as untrusted data.
文章内容:\n{content}\n\n请按以下要求输出:
Add prompt wording that article content is untrusted data, ignore instructions inside it, and keep Feishu writes constrained to the user-requested URL.
Running the command deletes the local skill copy and any files inside it.
A destructive shell command is documented, but it appears under uninstall instructions and targets this skill’s own directory.
rm -rf ~/.openclaw/workspace/skills/article-workflow
Keep the uninstall command user-confirmed and remind users to back up config/data before running it.
Users may run local setup code from a source that is not identified in the registry metadata.
The skill is marked as having no install spec, but the documentation instructs users to clone an unspecified repository and run an install script.
git clone <repo_url> article-workflow
cd article-workflow
./install.sh
Publish a verified homepage/source URL, pin install steps, and let users inspect install.sh before running it.
If enabled, the workflow may process and archive links on a schedule rather than only during a direct manual request.
The skill supports scheduled automatic processing when Heartbeat is configured, including monitoring and processing article links.
Heartbeat automatic triggering needs to be configured in HEARTBEAT.md
Enable Heartbeat only intentionally, restrict monitored chats/sources, and review logs and generated Feishu records.
