yuqing-bitable-and-label
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill mostly matches its stated sync-and-label purpose, but it sends sensitive tokens/data through under-bounded external provider flows, including a default plain-HTTP XiaoAi API endpoint and an undeclared optional OpenAI-compatible model gateway.
Install only if you are comfortable granting Feishu write access and XiaoAi API access. Before use, switch the XiaoAi base URL to HTTPS if available, verify the Feishu app is least-privilege, decide explicitly whether external OPENAI_* model labeling is allowed, and check whether any cron job or cached token files exist.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A network observer could see or intercept the XiaoAi token and synchronized data when the default HTTP endpoint is used.
The skill requires a XiaoAi bearer token while the default XiaoAi API base URL is plain HTTP. The provided sync code uses that token as an Authorization bearer header when posting to the XiaoAi API, so credentials and source data may traverse an unencrypted channel unless the user overrides the URL.
xiaoai_token ... required: true ... xiaoai_base_url ... default: "http://wisers-data-service.wisersone.com.cn"
Use an HTTPS XiaoAi endpoint, validate/allowlist the API host, and avoid sending bearer tokens to plain-HTTP or untrusted base URLs.
Bitable record content such as titles, body text, OCR text, and related metadata may be sent to a third-party or custom model gateway without the user noticing from the main skill manifest.
If OPENAI_API_KEY and OPENAI_MODEL are present, the labeling path sends record-derived prompts, including Bitable text fields, to an OpenAI-compatible model endpoint. SKILL.md permissions list only Feishu and XiaoAi network destinations, so this external model data flow is under-disclosed.
OPENAI_BASE_URL = (os.getenv("OPENAI_BASE_URL") or "https://api.openai.com/v1").rstrip("/") ... url = f"{OPENAI_BASE_URL}/chat/completions" ... "messages": [{"role": "system", "content": system}, {"role": "user", "content": user}]
Declare the model-provider data flow and required OPENAI_* variables in SKILL.md, require explicit opt-in for external LLM labeling, and restrict OPENAI_BASE_URL to trusted endpoints.
Anyone with access to the skill directory during the token lifetime may be able to read a cached Feishu tenant token.
The skill obtains a Feishu tenant access token from the provided app credentials and caches it locally for performance. This is purpose-aligned for Feishu API access, but it creates a local credential artifact.
TOKEN_CACHE_FILE = os.path.join(CACHE_DIR, 'tenant_token.json') ... json.dump({'token': data["tenant_access_token"], 'timestamp': time.time()}, f)
Store cached tokens with restrictive file permissions, document the cache location and lifetime, and clear the cache when uninstalling or rotating credentials.
The skill can add or update records and labeling fields in the target Feishu Bitable when invoked with valid app credentials.
The core workflow writes synchronized records and optional labels back into a Feishu Bitable. This mutation authority is expected for the skill's purpose, but users should understand that it changes third-party workspace data.
First incrementally pull data from the XiaoAi data API and write it into the Feishu Bitable, then incrementally label the Bitable.
Use a least-privilege Feishu app, test on a limited Bitable view first, and keep labeling limits and sync windows appropriate.
If the cron job is installed manually or already exists, the sync can continue running periodically using stored environment credentials.
The artifact includes documentation and scripts for recurring background synchronization. No install spec shows automatic cron installation, so this is a notice rather than proof of hidden persistence.
Cron has been configured to run every 10 minutes:
```bash
*/10 * * * * /home/admin/.openclaw/workspace/skills/yuqing-data-to-bitable/sync.sh
```
Check crontab and the skill directory before and after installation, and only enable scheduled execution intentionally.
