feishu-meeting-scheduler

v1.0.4

Feishu one-sentence smart scheduling and calendar coordination assistant, built on an event-driven architecture

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (medium confidence)
Purpose & Capability
The name/description (Feishu meeting scheduler) aligns with the code and declared envs: the code calls Feishu calendar and messaging APIs, builds interactive cards, computes free/busy intersections, persists session state, and can wake an OpenClaw agent. Required env vars (FEISHU_APP_ID/SECRET, VERIFICATION_TOKEN, OPENCLAW_WAKE_ENDPOINT) are appropriate for this functionality.
Instruction Scope
SKILL.md describes the same endpoints and event-driven flow implemented in code. It instructs the agent to call the skill's calc/dispatch endpoints and to accept webhook wakeups. The doc asks the agent to consult its system prompt for dialog style; otherwise instructions are bounded. One small mismatch: _meta.json and package metadata reference a local store.json file as required config, while the deployed index.js uses the BitableStore (Feishu bitable) by default — this should be clarified.
Install Mechanism
No install spec is provided (instruction-only in registry), which is lower risk. However the skill bundle includes runnable Node files (index.js, feishuService.js, bitableStore.js, etc.), so enabling the skill will cause that code to be executed by whatever runtime installs/starts it — there is no external download-from-unknown-URL step in the package itself.
Credentials
Requested environment variables are proportional to the stated purpose (Feishu app credentials, verification token, optional encrypt key, and an OPENCLAW_WAKE_ENDPOINT). The skill optionally accepts ALLOWED_WAKE_DOMAINS and FEISHU_CALENDAR_ID which are sensible. Minor inconsistency: _meta.json lists store.json as a required config path while the active runtime uses Feishu bitable; a local file-based store (dbStore.js) is present in the package but not used by index.js, which may confuse deployers about what secrets/configs are required.
Persistence & Privilege
The skill does not request always:true and uses normal autonomous invocation. It creates and deletes Feishu Bitable apps per session (bitable app creation/deletion via Feishu API) and therefore requires elevated Feishu permissions; this is coherent for the design but increases blast radius (many created apps and stored session data in your Feishu tenant). The skill also makes outbound HTTP POST to OPENCLAW_WAKE_ENDPOINT to wake agents — ensure that endpoint is trusted and whitelisted.
Scan Findings in Context
[webhook-signature-degraded] expected: The code supports HMAC signature verification using FEISHU_ENCRYPT_KEY but falls back to the Verification Token when the encrypt key is absent. The token is a static shared secret carried in the request body, so anyone who has observed a single earlier request (or read the config) can forge events against the token-only path, and nothing binds a request to a timestamp or nonce. A fallback is understandable for development, but it is a security downgrade: deployers should set FEISHU_ENCRYPT_KEY in production, and ideally the skill should refuse to serve webhooks without it there.
[external-wakeup-callback] expected: Skill calls an external OPENCLAW_WAKE_ENDPOINT to wake an agent on conflicts. This is part of the stated architecture, but it requires that the endpoint be safe and that ALLOWED_WAKE_DOMAINS or other whitelist be configured to avoid sending data to untrusted endpoints.
[bitable-app-lifecycle] expected: BitableStore creates and deletes Feishu bitable apps per session. This matches the skill's persistent-session design, but it requires broad Feishu bitable API permissions and may create many transient apps if misused — a deployer should audit permissions, quotas and cleanup behavior.
[local-file-store-present] unexpected: A file-based SimpleStore (dbStore.js) exists in the package but index.js constructs a BitableStore. _meta.json marks store.json as a required config path. This mismatch can confuse deployers and lead to unnecessary configuration; clarify which store is used.
[time-zone-and-parsing] expected: The code uses Date and toLocale* with explicit Asia/Shanghai timeZone in some places; for global deployments this needs careful audit. This is a functional correctness/operational concern rather than hidden malicious behavior.
Assessment
This skill appears to do what it claims (compute free/busy, send Feishu interactive cards, manage sessions and wake an agent), but review the following before installing:
- Required credentials: you must provide FEISHU_APP_ID, FEISHU_APP_SECRET and FEISHU_VERIFICATION_TOKEN. For production, also set FEISHU_ENCRYPT_KEY to enable HMAC signature validation (do not rely on the token fallback).
- Outbound wake: OPENCLAW_WAKE_ENDPOINT will be POSTed to when conflicts occur. Ensure that value points to a trusted, reachable agent endpoint and set ALLOWED_WAKE_DOMAINS to restrict targets.
- Bitable apps: the skill creates and deletes Feishu Bitable apps per session. Confirm your Feishu app permissions and tenant quotas, and that auto-deletion works in your tenant (to avoid many leftover apps). Consider switching to a centralized store (Redis or a single bitable) for high-volume use.
- Storage mismatch: the package contains both a local file store implementation and a bitable-based store, and _meta.json lists store.json as required. Clarify which storage is used and remove unused code to reduce confusion.
- Security and production hardening: consider a stricter URL whitelist, robust signature verification, request validation and rate limiting, retry/error categorization, and monitoring. Test the skill in a limited environment and audit the API scopes requested by the Feishu app before granting privileges.
If you are comfortable reviewing and applying the above operational/security changes, the skill is coherent with its purpose. If not, ask the developer to: (1) remove the unused local store or update the metadata, (2) require FEISHU_ENCRYPT_KEY by default, and (3) limit wake endpoints via ALLOWED_WAKE_DOMAINS.
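The external-wakeup-callback finding and the outbound-wake item above both ask for a whitelist on OPENCLAW_WAKE_ENDPOINT. The following is an added example (not the skill's own code) of such a gate: it parses the endpoint once, accepts only https by default, rejects embedded credentials, matches the host against ALLOWED_WAKE_DOMAINS and refuses to follow redirects, so an allowlisted host cannot bounce the session payload to an internal address. The comma-separated format with a leading dot for subdomain matches is an assumption of this example, as are the host names and the injectable fetch used to exercise it offline.

```javascript
// Added example, not the skill's own code: gate the outbound wakeup POST on
// an allowlist before any session data leaves the process.
//
// Assumed ALLOWED_WAKE_DOMAINS format: comma-separated host names; an entry
// starting with "." also matches subdomains (".agents.example" allows
// "ops.agents.example" and "agents.example"). Only https is accepted by
// default, an empty allowlist rejects everything, and redirects are not
// followed so an allowed host cannot redirect the request to an internal one.

function parseAllowedDomains(value) {
  return String(value || '')
    .split(',')
    .map((s) => s.trim().toLowerCase())
    .filter(Boolean);
}

function hostAllowed(hostname, allowed) {
  const h = hostname.toLowerCase();
  return allowed.some((entry) =>
    entry.startsWith('.') ? h.endsWith(entry) || h === entry.slice(1) : h === entry,
  );
}

// Returns { ok, reason, url }. The URL is parsed once and its normalized form
// is what gets contacted, so the scheme and host checks apply to exactly the
// request that will be sent.
function validateWakeEndpoint(endpoint, allowedDomainsEnv, { allowHttp = false } = {}) {
  const allowed = parseAllowedDomains(allowedDomainsEnv);
  if (allowed.length === 0) {
    return { ok: false, reason: 'ALLOWED_WAKE_DOMAINS is empty; refusing all outbound wakeups' };
  }
  let url;
  try {
    url = new URL(String(endpoint));
  } catch {
    return { ok: false, reason: 'OPENCLAW_WAKE_ENDPOINT is not a valid URL' };
  }
  if (url.protocol !== 'https:' && !(allowHttp && url.protocol === 'http:')) {
    return { ok: false, reason: `scheme ${url.protocol} not allowed` };
  }
  if (url.username || url.password) {
    return { ok: false, reason: 'credentials embedded in the URL are not allowed' };
  }
  if (!hostAllowed(url.hostname, allowed)) {
    return { ok: false, reason: `host ${url.hostname} is not in ALLOWED_WAKE_DOMAINS` };
  }
  return { ok: true, reason: 'allowed', url: url.toString() };
}

// Sends the wakeup. `fetchImpl` is injectable so the policy can be exercised
// offline; in production pass nothing and Node's global fetch is used.
async function postWakeup(endpoint, payload, env, fetchImpl = globalThis.fetch) {
  const check = validateWakeEndpoint(endpoint, env.ALLOWED_WAKE_DOMAINS);
  if (!check.ok) throw new Error(`wake endpoint rejected: ${check.reason}`);
  const res = await fetchImpl(check.url, {
    method: 'POST',
    headers: { 'content-type': 'application/json' },
    body: JSON.stringify(payload),
    redirect: 'manual', // never follow a redirect off the allowlisted host
  });
  if (res.status >= 300 && res.status < 400) {
    throw new Error(`wake endpoint answered with a redirect (${res.status}); refusing to follow`);
  }
  return res.status;
}
```

Validate once at startup as well as per request, so a bad OPENCLAW_WAKE_ENDPOINT fails loudly at deploy time rather than on the first scheduling conflict. Host matching here is by name only; if the deployment must also defend against an allowlisted name resolving to a private address, resolve and check the address before connecting.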
feishuService.js:188: environment variable access combined with network send.
index.js:8: environment variable access combined with network send.
Rated benign by external scanners
Static analysis detected API credential-access patterns (environment variables read and then used in a network send), but both VirusTotal and OpenClaw rated this skill benign, OpenClaw at medium confidence. These patterns are common in legitimate API integration skills; the open items above are configuration and hardening concerns rather than evidence of malicious behavior.