Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Feishu Knowledge Ingest

v1.0.0

batch ingest feishu folders and single attachments into report-first knowledge artifacts. use when chatgpt needs to read a feishu directory or a single share...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
! Purpose & Capability
The name and description promise batch ingestion from Feishu folder links or shared-attachment tokens, but the code and README contain no Feishu API adapter, no network/download logic, and no environment variables for Feishu credentials. The runtime only processes local files in a directory, so someone expecting automatic Feishu integration would be misled.
! Instruction Scope
SKILL.md describes resolving folder tokens, enumerating files, routing permission-blocked items, and preserving source tokens; run.py implements a local directory loop and sets source_token to an empty string. The instructions thus give the agent responsibilities (handle Feishu tokens, list remote files) that the provided code does not implement.
Install Mechanism
There is no install spec (instruction-only), but a requirements.txt lists python-docx and pypdf which are reasonable for the included parsers. No remote downloads or unusual install steps are present, so install risk is low — but the skill does not document how to install those requirements in the SKILL.md.
! Credentials
SKILL.md expects inputs like 'folder_token' or shared-attachment links, yet requires.env is empty and there are no declared primary credentials. If you intend to enable live Feishu ingestion you would need to add credentials (which is not currently handled). The absence of any credential requirement is inconsistent with the stated purpose.
Persistence & Privilege
The skill is not always-on, does not request elevated platform privileges, and does not modify other skills or system-wide settings. It writes output files to a specified output directory (local disk) which is expected behaviour for an ingestion tool.
What to consider before installing
This package is a local, v0.1 skeleton for parsing .docx/.pdf files and producing report-first outputs — it does NOT actually connect to Feishu or accept Feishu tokens. If you install this expecting automatic Feishu folder ingestion, you will be disappointed: you'll need to add a Feishu listing/download adapter and credential handling. Before using: inspect run.py and the parser files (they only read local files and do not send data externally), install the Python dependencies (python-docx, pypdf) in a controlled environment, and be careful that any files you ingest don't contain sensitive information you don't want written into the generated outputs (kb-items.jsonl, failed-items.jsonl, MEMORY.candidate.md, ingest-report.md). If you want real Feishu integration, ask the author for the connector code or add secure credential requirements (and review any network/download code for where data is sent).

Like a lobster shell, security has layers — review code before you run it.

latestvk97cc8c449xe61tpr6gfpx1s7983fyfz
