OC Doc Generator
v1.0.0从源代码自动生成 API 文档、技术文档,支持输出到飞书云文档。包含代码注释提取、 中文文档模板、OpenAPI 规范生成等功能。 **触发场景**: - 用户要求"生成文档"、"写 API 文档"、"自动生成文档" - 需要从代码提取注释生成文档 - 需要输出文档到飞书 - 用户提到"API 文档"、"接口文档...
⭐ 0· 37·0 current·0 all-time
byNarain@penghang1223
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description match the included script and instructions: extract_api.py and SKILL.md focus on parsing source code to produce Markdown/JSON/OpenAPI and optionally send output to Feishu. The only mild inconsistency is that SKILL.md references a separate feishu-create-doc skill for Feishu upload but does not declare that dependency explicitly — functionality still coherent with the stated purpose.
Instruction Scope
Runtime instructions explicitly tell the agent to read source files/directories and extract signatures/docstrings — this is required for a doc generator and is expected. Be aware this grants the skill access to your repository/source files when invoked; SKILL.md does not instruct reading unrelated system files or environment variables. It also instructs calling an external 'feishu-create-doc' skill to upload docs to Feishu (an external endpoint), which is expected but should be authorized separately.
Install Mechanism
No install spec; instruction-only with a provided Python script. No downloads, package installs, or archive extraction are declared, so there is low install-time risk. The included Python script appears self-contained and reads local files.
Credentials
Skill declares no required environment variables or credentials (reasonable). However, to actually upload to Feishu the agent/platform will need Feishu credentials (not declared here) or the separate feishu-create-doc skill must have appropriate auth — confirm where Feishu tokens are stored and which skill will use them. Also confirm that your codebase does not contain secrets (tokens/API keys) that the extractor might capture in examples or doc fragments.
Persistence & Privilege
Skill does not request always:true and doesn't request persistent system privileges. It will read project files when invoked, which is appropriate for its purpose. Autonomous invocation is allowed (platform default) but not by itself a problem; combine caution with the notes above about repo access and Feishu uploads.
Assessment
This skill appears to do what it says: parse source code and generate API docs, optionally sending them to Feishu using another skill. Before installing or running it: 1) Review extract_api.py fully (especially the parts not shown here) to confirm it has no network calls, telemetry, or attempts to read unrelated system paths. 2) Be explicit about what code/directories you allow it to analyze — the tool reads your source files and can include snippets in generated docs. 3) Confirm how Feishu uploads will be authenticated (which skill will hold Feishu tokens and where those tokens are stored). 4) Run the script in a sandbox or on a copy of your repository first to validate outputs and ensure no secrets are leaked into generated examples. If you want extra assurance, ask for a full code review of extract_api.py (complete file) and any invoked helper skills (feishu-create-doc).Like a lobster shell, security has layers — review code before you run it.
latestvk97ffh51kncx95yb47y461mtnd841azb
License
MIT-0
Free to use, modify, and redistribute. No attribution required.