Feishu Requirement Manager
v3.1.0飞书需求管理工具(去中心化+可扩展)。支持需求创建、任务拆分、代理执行、进度跟踪。 **核心字段**: - 需求:标题、状态、优先级、进度、截止日期 - 任务:标题、状态、执行人、关联需求 **支持自定义扩展**,用户可添加额外字段。
⭐ 1· 125·0 current·0 all-time
byMao XiaoHei!@maoxiaohei2026-tech
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The SKILL.md describes creating projects/requirements/tasks and mapping fields to Feishu Bitable tables, and the examples show creating app/table/record objects via feishu_bitable_app.* calls — this aligns with the stated purpose.
Instruction Scope
Instructions explicitly read/write a memory file (memory/shared/requirement-manager.json) to persist app_token and table IDs and direct agents to create/read/update Bitable records. Persisting an app_token is expected for continued access, but the SKILL.md does not detail how Feishu authentication is obtained or what permissions the token has — worth verifying. The skill also delegates work to other agents (PM agent, execution agents), which is consistent with a decentralized workflow but broadens runtime actions.
Install Mechanism
This is an instruction-only skill with no install spec or code files. Nothing is written to disk by an installer here beyond the agent's normal memory persistence described in the instructions.
Credentials
The registry metadata declares no required env vars or credentials, and SKILL.md relies on an app_token produced/used at runtime. That is coherent if the platform provides a Feishu connector, but the skill doesn't document how the token is obtained or what privileges it needs. Storing app_token in agent memory persists a credential — confirm token scope and lifecycle.
Persistence & Privilege
always is false and the skill does not request system-wide modification. It does instruct writing to a shared memory file to persist app_token and table IDs, which grants it persistent access to those Feishu resources; ensure that stored tokens are scoped minimally and that you are comfortable with agent memory storage of credentials.
Assessment
This skill appears to do what it claims: manage Feishu Bitable requirement and task records. Before installing, verify these points: (1) Authentication model — confirm how feishu_bitable_app connector obtains the app_token and whether you must provide Feishu credentials elsewhere; (2) Token scope and rotation — ensure the stored app_token has only the permissions needed and can be revoked/rotated; (3) Memory storage location — confirm where memory/shared/requirement-manager.json is stored, who can access it, and whether it will persist across sessions; (4) Least privilege for created resources — the tables/apps it creates should not require excessive org-wide privileges; (5) Delegation behavior — the skill delegates tasks to other agents, so review what those agents are allowed to do in your environment. If you cannot confirm the connector/auth details, treat the persisted app_token as a sensitive secret and avoid installing until clarified.Like a lobster shell, security has layers — review code before you run it.
latestvk97bvcfce2eden5p4k56c70s2983cm0a
License
MIT-0
Free to use, modify, and redistribute. No attribution required.