yuqing-bitable-and-label
Warn. Audited by ClawScan on May 10, 2026.
Overview
The skill’s XiaoAi-to-Feishu sync purpose is coherent, but it handles powerful credentials and table content in ways that are under-disclosed and potentially unsafe.
Review this skill before installing. Use HTTPS for XiaoAi if possible, give the Feishu app only the minimum table permissions needed, disable run_labeling unless you approve any external model provider data sharing, protect or clear the .cache token files, and verify that no cron job is running unless you intentionally want recurring sync.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your XiaoAi token and retrieved records could be exposed or modified in transit if the default HTTP endpoint is used.
The skill asks for a bearer token while defaulting the XiaoAi API base URL to plaintext HTTP. The code uses that token for XiaoAi API calls, so the default configuration can expose credentials and synced data to network interception.
xiaoai_token ... description: 小爱接口 token(Bearer 后面的部分) ... xiaoai_base_url ... default: "http://wisers-data-service.wisersone.com.cn" ... permissions ... "http://wisers-data-service.wisersone.com.cn"
Use an HTTPS XiaoAi endpoint if available, reject non-HTTPS token-bearing URLs by default, and document any unavoidable HTTP transport risk clearly before use.
Record titles, body text, OCR content, and related labels may be sent to OpenAI or another configured model gateway without the user realizing this from the skill metadata.
When OpenAI-compatible environment variables are present, the labeling code sends Feishu record-derived prompts to an external model endpoint. SKILL.md describes OpenClaw built-in labeling and only lists Feishu/XiaoAi network permissions, so this provider data flow is under-disclosed.
OPENAI_API_KEY = os.getenv("OPENAI_API_KEY") or ""
OPENAI_BASE_URL = (os.getenv("OPENAI_BASE_URL") or "https://api.openai.com/v1").rstrip("/") ... url = f"{OPENAI_BASE_URL}/chat/completions" ... "messages": [{"role": "system", "content": system}, {"role": "user", "content": user}]
Require an explicit user opt-in for third-party model calls, declare the model provider/network permission and env vars, and keep run_labeling disabled unless the data-sharing boundary is acceptable.
Another local process or user with access to the skill directory may be able to reuse the cached Feishu tenant token during its validity window.
The code persists a Feishu tenant access token to a local JSON cache file. This is useful for performance but stores delegated account authority on disk without visible file-permission hardening in the provided artifact.
TOKEN_CACHE_FILE = os.path.join(CACHE_DIR, 'tenant_token.json') ... json.dump({'token': data["tenant_access_token"], 'timestamp': time.time()}, f)
Document the cache, restrict file permissions, avoid token persistence when possible, and provide a clear cleanup command for .cache/tenant_token.json.
The Feishu app credentials can add or update data in the selected Bitable, and mistakes in configuration can affect business records.
The skill is designed to write records and optionally write labels back to Feishu Bitable. This is purpose-aligned, but it is still high-impact mutation authority over a workspace table.
First incrementally pull data from the XiaoAi data interface and write it into the Feishu Bitable, then incrementally label the Bitable ... outputs ... inserted_count ... labeling_updated_count
Use a least-privilege Feishu app, test on a non-production table first, keep labeling_limit small, and back up important tables before enabling writes.
If that cron entry exists or is added, the sync can keep running and mutating Feishu data every 10 minutes outside a one-time skill invocation.
The documentation describes recurring cron execution. The provided install spec does not show automatic cron installation, so this is a persistence note rather than proof of hidden background execution.
cron is configured to run once every 10 minutes: */10 * * * * /home/admin/.openclaw/workspace/skills/yuqing-data-to-bitable/sync.sh
Only enable scheduled sync intentionally, verify the user crontab after installation, and remove the cron entry when the skill should no longer run.
