ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Catfee飞书群聊总结

v1.2.0

飞书群聊总结技能。当用户说"总结群聊"、"拉取聊天记录"、"看看这个群说了啥"、"这周说了啥"、"最近咋样"、"最近一个月"、"最近一周"、"帮我看看这几天"等时触发。能识别时间范围(默认7天),拉取消息后生成摘要回复到群里,并创建飞书文档链接。

0· 113·0 current·0 all-time
by冢猫@glory904649854

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for glory904649854/catfee-feishu-recorder.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Catfee飞书群聊总结" (glory904649854/catfee-feishu-recorder) from ClawHub.
Skill page: https://clawhub.ai/glory904649854/catfee-feishu-recorder
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install catfee-feishu-recorder

ClawHub CLI

Package manager switcher

npx clawhub@latest install catfee-feishu-recorder
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description (Feishu group summary) align with the code and SKILL.md: the script fetches group messages, summarizes them, and creates a Feishu document. However the registry metadata claims no required environment variables/credentials while SKILL.md and the script require FEISHU_APP_ID and FEISHU_APP_SECRET — a clear metadata mismatch.
!
Instruction Scope
SKILL.md and the script stay within the stated scope (pull messages, summarize, create doc). But the script writes a temporary markdown file with message content and invokes an external CLI ('feishu-docs') via subprocess, passing the FEISHU_* credentials in the subprocess environment. That risks local persistence of sensitive chat content and possible exposure of credentials if the CLI is untrusted or logs environment variables. The script also caps pulls and may page through many messages — no explicit safeguards for extremely large exports.
Install Mechanism
No install spec (instruction-only) — low risk from installs. However the code expects an external binary ('feishu-docs') which is not declared in requirements or the SKILL.md installation section; this implicit dependency could lead to executing a third-party binary of unknown provenance if installed without verification.
Credentials
The only secrets used are FEISHU_APP_ID and FEISHU_APP_SECRET, which are proportionate to a Feishu integration. The concern is that these env vars are not declared in the skill registry metadata (but are documented in SKILL.md and enforced by the script). No other unrelated credentials or config paths are requested.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide settings. It will write a temporary markdown file in the working directory and may leave it behind — a data persistence/privacy consideration but not an overbroad platform privilege.
What to consider before installing
This skill appears to implement what it claims (fetch Feishu chat messages, summarize, create a doc) but has a few red flags you should address before installing: - Metadata mismatch: the registry does not list the required FEISHU_APP_ID and FEISHU_APP_SECRET even though SKILL.md and the script require them. Consider asking the publisher to correct the metadata so permission/credential prompts are accurate. - Review the 'feishu-docs' CLI dependency: the script calls an external binary via subprocess and passes credentials through the environment. Only install or allow a trusted feishu-docs binary from an official source, and inspect it before use. - Sensitive data at rest: the script writes a temporary markdown file with chat content (tmp_chat_summary.md). Ensure the runtime environment is trusted, and consider modifying the script to securely delete the temp file after upload or to stream the content instead of writing to disk. - Least privilege: create Feishu credentials scoped as narrowly as possible (read-only im:message:readonly and doc create as needed) and rotate them if accidentally exposed. - Test in a safe environment first: run with a small chat and limited date range to confirm behavior and outputs. If you need more assurance, request a full, untruncated copy of the script from the publisher (the provided script was truncated in the listing) and have it reviewed for any hidden network calls or data exfiltration logic. Given the credential handling and subprocess invocation, treat this skill cautiously until you verify the external CLI and fix the metadata mismatch.

Like a lobster shell, security has layers — review code before you run it.

latestvk979smdq4t22jbkh192m56w88184c21n
113downloads
0stars
4versions
Updated 3w ago
v1.2.0
MIT-0
冢猫@glory904649854
latest
Download

catfee-feishu-recorder

飞书群聊总结技能。

触发关键词

总结群聊 | 拉取聊天记录 | 最近一周 | 最近一个月 | 帮我看看这几天

功能说明

  1. 拉取群聊消息(默认7天,可自定义时间范围)
  2. 生成摘要统计(活跃成员Top10、消息分布等)
  3. 生成完整聊天记录(含发送者ID、昵称、时间、内容)
  4. 创建飞书文档保存记录

凭证配置(必须)

在运行前设置环境变量:

FEISHU_APP_ID=cli_xxxxxxxxxx
FEISHU_APP_SECRET=your_secret_here

获取方式:飞书开放平台 → 应用凭证

必选权限

  • im:message:readonly(读取群消息)
  • docx:document:create(创建云文档)

调用示例

python scripts/summarize.py <chat_id> <时间范围>

python scripts/summarize.py oc_281d2d2dcec5e1fcd29d7ac809e75111 "最近7天"
python scripts/summarize.py oc_281d2d2dcec5e1fcd29d7ac809e75111 "2026-04-01"

时间范围输入格式

输入范围
今天/昨天1天
最近几天/这周7天
最近两周14天
最近一个月30天
2026-04-01指定日期至今

飞书文档内容

生成的文档包含两部分:

摘要部分:

  • 时间范围、总消息数
  • 活跃成员Top10排行(昵称 + ID + 消息数)
  • 最近20条消息预览

完整记录部分:

  • 所有文本消息列表
  • 每条记录包含:时间、发送者ID、发送者昵称、消息内容

Comments

Loading comments...