ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

feishu-sheets-toolkit

v1.0.0

Feishu online spreadsheet (Sheets) operations including create, read, write, append data, manage worksheets. Use when user mentions Feishu Sheets, online spr...

0· 91·0 current·0 all-time
byXiLi-aXi@qiuwenxi416488212-ship-it

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for qiuwenxi416488212-ship-it/feishu-sheets-toolkit.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "feishu-sheets-toolkit" (qiuwenxi416488212-ship-it/feishu-sheets-toolkit) from ClawHub.
Skill page: https://clawhub.ai/qiuwenxi416488212-ship-it/feishu-sheets-toolkit
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install feishu-sheets-toolkit

ClawHub CLI

Package manager switcher

npx clawhub@latest install feishu-sheets-toolkit
Security Scan
Capability signals
Requires OAuth tokenRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
Name/description, SKILL.md and included code all align around Feishu Sheets API functionality (create/read/write/append/manage). However the code (scripts/feishu_sheets.py and feishu_enhanced.py) expects an app_id/app_secret (tenant access token flow) while the skill metadata declares no required environment variables or primary credential. That mismatch between declared requirements and actual code is a meaningful incoherence.
Instruction Scope
SKILL.md is narrowly scoped to Sheets operations and documents the API endpoints and required scopes. It also mentions obtaining a tenant_access_token via app_id/app_secret. The instructions do not ask the agent to read unrelated system files. Minor inconsistency: examples show using library helpers without explicitly showing where credentials come from, leaving implementation detail ambiguous.
Install Mechanism
No install spec is provided (instruction-only at manifest level), which is lower risk. Source includes Python modules and a CLI script but there is no automatic download or external installer that would fetch arbitrary code at install time.
!
Credentials
The runtime scripts expect FEISHU_APP_ID and FEISHU_APP_SECRET (scripts/feishu_sheets.py) and feishu_enhanced.py accepts app_id/app_secret for tenant token exchange, but the skill metadata lists no required env vars or primary credential. Requesting app credentials would be proportional to the skill's purpose, but failing to declare them is an incoherence that can lead to surprises (silent credential prompts, undocumented secrets usage).
Persistence & Privilege
always is false and the skill does not request any elevated or persistent platform privileges. The code makes outbound HTTPS requests to Feishu APIs (expected for the skill). It does not modify other skills or system-wide agent settings.
What to consider before installing
This skill's code legitimately talks to Feishu's API and uses the tenant token flow, which requires an app_id and app_secret. Before installing: (1) confirm the skill metadata lists any credentials it will use — here it does not, so ask the publisher or avoid installing until fixed; (2) if you provide FEISHU_APP_ID/FEISHU_APP_SECRET, ensure they are scoped to a minimum-permission app and are stored securely (not pasted into chat); (3) review and verify the code origin (there are duplicate client implementations in the package and no homepage); (4) consider running the skill in a sandbox or test account first and revoke the app credentials after testing if you have concerns; (5) prefer skills that explicitly declare required env vars and permissions in registry metadata so you know what secrets the skill will need.

Like a lobster shell, security has layers — review code before you run it.

latestvk971s13wjh78wnyddj423p1chs855rc9
91downloads
0stars
1versions
Updated 1w ago
v1.0.0
MIT-0
XiLi-aXi@qiuwenxi416488212-ship-it
latest
Download

Feishu Sheets Tool

Single tool feishu_sheets with action parameter for all spreadsheet operations.

Token Extraction

From URL https://xxx.feishu.cn/sheets/shtABC123spreadsheet_token = shtABC123

Actions

Create Spreadsheet

{ "action": "create", "title": "New Spreadsheet" }

Optional folder:

{ "action": "create", "title": "New Spreadsheet", "folder_token": "fldcnXXX" }

Returns: spreadsheet_token, url, title

Write Values

{
  "action": "write",
  "spreadsheet_token": "shtABC123",
  "sheet_id": "0bxxxx",
  "range": "A1:C3",
  "values": [["Name", "Age", "City"], ["Alice", 25, "Beijing"], ["Bob", 30, "Shanghai"]]
}

Read Values

{
  "action": "read",
  "spreadsheet_token": "shtABC123",
  "sheet_id": "0bxxxx",
  "range": "A1:C10"
}

Append Values

{
  "action": "append",
  "spreadsheet_token": "shtABC123",
  "sheet_id": "0bxxxx",
  "values": [["Charlie", 28, "Shenzhen"]]
}

Insert Rows/Columns

{
  "action": "insert_dimension",
  "spreadsheet_token": "shtABC123",
  "sheet_id": "0bxxxx",
  "dimension": "ROWS",
  "start_index": 5,
  "end_index": 7
}

Delete Rows/Columns

{
  "action": "delete_dimension",
  "spreadsheet_token": "shtABC123",
  "sheet_id": "0bxxxx",
  "dimension": "ROWS",
  "start_index": 5,
  "end_index": 7
}

Get Spreadsheet Info

{ "action": "get_info", "spreadsheet_token": "shtABC123" }

Returns: metadata including all sheet_ids and titles

Add Worksheet

{
  "action": "add_sheet",
  "spreadsheet_token": "shtABC123",
  "title": "Sheet2"
}

Delete Worksheet

{
  "action": "delete_sheet",
  "spreadsheet_token": "shtABC123",
  "sheet_id": "0bxxxx"
}

Range Format

  • Cell: A1, B5
  • Range: A1:C10, B2:D5
  • Entire column: A:A, B:D
  • Entire row: 1:1, 3:5
  • With sheet_id: 0bxxxx!A1:C10

Sheet ID

  • From URL: https://xxx.feishu.cn/sheets/shtABC123?sheet=0bxxxx
  • From get_info action
  • Default first sheet often has simple id like 0bxxxx

Data Types

Values can be:

  • String: "Hello"
  • Number: 123, 45.67
  • Formula: {"type": "formula", "text": "=SUM(A1:A10)"}
  • Link: {"type": "url", "text": "Click here", "link": "https://..."}

Configuration

channels:
  feishu:
    tools:
      sheets: true  # default: true

Permissions Required

  • sheets:spreadsheet - Create and manage spreadsheets
  • sheets:spreadsheet:readonly - Read spreadsheet data
  • drive:drive - Access cloud storage

API Reference

Base URL: https://open.feishu.cn/open-apis/sheets/v2/spreadsheets/

See references/api-reference.md for detailed API documentation.

Code Implementation

Python实现: eishu_sheets.py

`python from feishu_sheets import FeishuSheets

创建请求

fs = FeishuSheets() req = fs.build_create_request('New Sheet')

Token提取

token = FeishuSheets.extract_token('https://xxx.feishu.cn/sheets/shtABC123') `

Comments

Loading comments...