ClawHub

飞书任务Bot身份

v1.0.2

飞书任务(Bot身份):使用Bot/应用身份管理飞书任务,创建任务、查询任务列表、更新状态、分配成员等。本Skill专门使用v1 API,Bot身份可直接调用,解决了lark-task官方Skill使用v2接口无法支持Bot身份的问题。当需要以Bot身份(应用身份)操作任务时使用本Skill。

0· 63·0 current·0 all-time
by@lixiang92229
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description say 'Bot/app identity for Feishu tasks' and the package only requires FEISHU_APP_ID / FEISHU_APP_SECRET and Python; the included script obtains a tenant_access_token and calls the v1 task APIs — this is proportional and expected.
Instruction Scope
SKILL.md instructs the agent to read an external file '../lark-shared/SKILL.md' (for authentication/identity rules). Reading that shared skill document is not inherently malicious but is a cross-skill dependency that the operator should review because it grants the skill contextual guidance outside its own bundle.
Install Mechanism
No install spec; the skill is instruction-only with a small Python script included. Nothing is downloaded or written to disk by an installer.
Credentials
Only FEISHU_APP_ID and FEISHU_APP_SECRET are required/declared (primaryEnv set to FEISHU_APP_ID). These credentials are exactly what a Bot/app identity needs to obtain a tenant_access_token and call the v1 API.
Persistence & Privilege
always is false and the skill does not request persistent system-level privileges or modify other skills. It performs normal outbound HTTPS calls to official open.feishu.cn endpoints.
Assessment
This skill appears to do exactly what it claims: use the Feishu app credentials to fetch Bot tasks via the official v1 API. Before installing, verify (1) you are comfortable providing FEISHU_APP_ID / FEISHU_APP_SECRET to the environment (these are sensitive and grant app-level access), (2) the referenced ../lark-shared/SKILL.md is safe and contains only guidance (inspect it if possible), and (3) the Feishu app has minimal scopes needed (task:task:read / task:task:write). If in doubt, review the included scripts (scripts/lark-task-bot-list.py) locally and run them in a controlled environment with test credentials first.

Like a lobster shell, security has layers — review code before you run it.

botvk979e65q78wd5ck331z1xqq28d84kxtsfeishuvk979e65q78wd5ck331z1xqq28d84kxtslatestvk979e65q78wd5ck331z1xqq28d84kxtsopenclawvk979e65q78wd5ck331z1xqq28d84kxtstaskvk979e65q78wd5ck331z1xqq28d84kxts

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments