ClawHub

慧科小爱舆情数据同步

v1.1.0

Incrementally fetch data from Huike/Xiaoai API and write to Feishu Bitable, supporting automatic partitioning for tables over 10,000 records.

0· 144·0 current·0 all-time
by@frankieway
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description say it fetches from Huike/Xiaoai and writes to Feishu Bitable; SKILL.md inputs (app_id, app_secret, xiaoai_token, bitable_url, base URL) and the Python code implement exactly that. No unrelated credentials, binaries, or external services are requested.
Instruction Scope
Entrypoint runs sync_skill.py which reads the declared inputs and calls excel_to_feishu_bitable. The code only reads/writes a local .cache directory (tenant token and key cache) and performs HTTP calls to Feishu and the configured Huike/Xiaoai base URL. It does not read arbitrary system files or exfiltrate data to unexpected endpoints.
Install Mechanism
No install spec (instruction-only skill) beyond shipping Python source files. The package will place code on disk (normal for a code-based skill) but there are no external installers, downloads, or archive extraction steps.
Credentials
Required secrets (Feishu APP_ID/APP_SECRET, Xiaoai token) are proportional to the described integration. The skill caches the tenant_access_token and some key lists to a local .cache file — reasonable for performance but these files contain tokens/IDs and should be treated as sensitive.
Persistence & Privilege
always is false; the skill does not request permanent platform-level privileges or modify other skills. It writes cache files into its own directory but does not alter system-wide configuration.
Assessment
This skill appears to do exactly what it says: call the Huike/Xiaoai API and write records into a Feishu Bitable. Before installing, note: (1) you must provide a Feishu APP_ID/APP_SECRET and a Xiaoai token — grant these only to a dedicated app/account with minimal permissions; (2) the skill caches tokens and key lists under a .cache directory next to the code (these files contain sensitive tokens/IDs), so avoid running it on shared machines or where others can read the skill directory; (3) network calls are limited to the Feishu open API and the configured Huike base URL (default wisers-data-service...), so review the base URL if you plan to change it; (4) review the Feishu app scopes you grant (bitable read/write) to limit blast radius. If you need higher assurance, request a review of the Feishu app permissions and verify the Xiaoai token scope and rotation policy.

Like a lobster shell, security has layers — review code before you run it.

latestvk974g1f6qxe2zsab13szbq6m9x83g302

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments