Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

feishu-bot

v1.0.0

Feishu (Lark) document and message operation skill. When to use: the user asks to create, delete, or modify Feishu documents; query or update the data in a specified row/column of a document; send messages to Feishu contacts or group chats. Triggers: "创建飞书文档" (create Feishu document), "删除文档" (delete document), "修改文档内容" (modify document content), "更新第X行第Y列" (update row X, column Y), "查询文档" (query document), "发送飞书消息" (send Feishu message), "发消息给群" (send message to group).

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name and description match the included scripts (document CRUD, block edits, message sending). However, the registry metadata declares no credentials, while SKILL.md and many scripts require an app_id/app_secret stored in scripts/config.json — an inconsistency between the declared requirements and the actual needs. Several helper scripts also perform file operations (searching the Desktop for .xlsx files) and reference specific local paths/usernames that are not documented in the high-level description.
Instruction Scope
SKILL.md documents the main feishu_doc.py and feishu_msg.py behaviors, but the repository also contains multiple ancillary scripts that: scan the user's Desktop for .xlsx files (fix_xlsx.py, upload_sdk.py, upload_test.py, rebuild_xlsx.py), use hard-coded chat IDs/doc IDs, and use literal tenant tokens in test scripts. Those behaviors go beyond the simple 'create/read/send' workflows described and can read local files and post them to chats if run.
Install Mechanism
No install spec is provided (instruction-only), which is lower risk. Scripts may import the lark-oapi SDK and suggest 'pip install lark-oapi', but there is no automatic download-from-URL or arbitrary archive extraction in the install stage.
Credentials
The skill metadata declares no required environment variables, yet the SKILL.md and scripts require an app_id/app_secret in scripts/config.json — credentials are required but not declared in metadata. Several scripts also reference absolute local paths (C:/Users/10430/..., USERPROFILE Desktop) and target chat/doc IDs (oc_..., KH6...) and include a hard-coded tenant token (t-...). Requesting access to local files and having hard-coded external targets is disproportionate to a simple API wrapper and raises data-exfiltration risk if you supply working credentials.
Persistence & Privilege
The skill is not marked always:true and does not request persistent system-wide privileges. It doesn't alter other skills' configs. Autonomous invocation is allowed (platform default) but not combined here with an 'always' flag or other elevated privileges.
What to consider before installing
This skill implements Feishu document and messaging operations, but before installing you should:
(1) expect to provide your Feishu app_id/app_secret in scripts/config.json — these credentials allow the skill to act with your tenant privileges, so only supply them if you trust the code;
(2) inspect and consider removing or refusing to run the auxiliary scripts (fix_xlsx, rebuild_xlsx, upload_sdk, upload_test, fetch_chat_messages, send_news, test_blocks, write_news) — they search your Desktop, reference absolute paths, or post to hard-coded chat/doc IDs and include literal tokens;
(3) do not run scripts that access your filesystem or send files to chats without understanding exactly which files/targets they use;
(4) if you decide to use it, run only the minimal feishu_doc.py and feishu_msg.py after reviewing them, run in a sandboxed environment, and rotate any credentials used for testing.
Additional information that would raise or lower confidence: confirmation of whether the embedded tenant token and hard-coded IDs are expired/test artifacts (would lower concern) or live/active (would increase concern).
