PM Weekly Report Data Sync (PM周报数据同步)
Advisory
Audited by Static analysis on May 4, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the user confirms an incorrect preview, weekly revenue values in the Feishu spreadsheet could be changed.
The script can write values into Feishu spreadsheet cells, but it defaults to preview mode and requires an explicit --confirm argument before mutation.
dry_run = True # default dry-run mode, no writes ... elif arg == "--confirm": confirm = True ... "write", token, sheet_id + "!" + cell + ":" + cell
Run the dry-run preview first, verify the matched rows, columns, and values, and only then use --confirm.
Anyone or any skill with access to those credentials may be able to edit shared Feishu spreadsheet data within the app's permissions.
The skill requires Feishu application credentials with spreadsheet edit authority. This is expected for updating a Feishu sheet, but it is sensitive delegated access.
Feishu app permissions: you need a Lejian Feishu app, and that app must have the "Spreadsheet" edit permission (`sheets:spreadsheet`) enabled ... openclaw config set channels.feishu.appId ... appSecret
Use least-privilege Feishu app credentials, share only the intended spreadsheet with the app, and protect the OpenClaw configuration file.
The actual Feishu API behavior also depends on the separately installed helper skill.
The skill depends on a separate Feishu spreadsheet skill that is not included in the reviewed artifacts and is not version-pinned in the instruction.
This skill depends on `lejian-feishu-sheet` (the Feishu spreadsheet operations skill) ... openclaw skills install lejian-feishu-sheet
Review and trust the `lejian-feishu-sheet` skill before installing it, and pin or control its version if your environment supports that.
An accidental or untrusted reconfiguration link could cause future syncs to write to the wrong spreadsheet.
The target spreadsheet token, sheet ID, and URL are stored persistently and can be updated when a new Feishu URL is provided.
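The target Feishu spreadsheet configuration is stored in `env.vars` ... If the user sends a new Feishu spreadsheet URL, treat it as a reconfiguration prompt and repeat flow 1, updating field by field.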
Confirm the target Feishu URL before saving or changing configuration, and restrict who can initiate reconfiguration.
