写入智能表格记录
PassAudited by ClawScan on May 1, 2026.
Overview
This skill matches its stated purpose of writing user-approved records to Enterprise WeChat smart sheets, but it uses a write-capable webhook and can modify business data.
Install this skill if you want the agent to write to Enterprise WeChat smart sheets. Treat each webhook as a password for writing to that sheet, confirm the target table and fields before important updates, and delete or rotate saved webhooks when they are no longer needed.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can add or update rows in a team smart sheet, including bulk or business-critical records if the user asks it to.
The helper sends constructed record payloads to the supplied webhook. This is the core purpose of the skill, but a wrong table, wrong record_id, or wrong URL could change or transmit business records.
req = urllib.request.Request(webhook_url, data=data, headers={"Content-Type": "application/json; charset=utf-8"}, method="POST")Before writes or updates, verify the target table, webhook host, record IDs, and payload fields, especially for approvals, financial data, customer data, or bulk changes.
Anyone or any agent process with the saved webhook can write to the associated smart sheet until the webhook is disabled or rotated.
The artifact correctly discloses that the webhook functions like a write key and may be saved for reuse. This is expected for the integration but grants write access to the sheet.
Webhook 地址相当于表格的写入密钥——本技能只会向用户自己提供的地址发送数据,不做其他用途。如不希望保存,请在配置确认时告知。
Save webhooks only for tables where reuse is acceptable, avoid sharing the config file, and disable or rotate the webhook if it is exposed or no longer needed.
A stale, incorrect, or unintended saved table configuration could cause the agent to write to the wrong table or map fields incorrectly.
The skill reuses persisted table configuration, including schemas and webhooks, across future interactions. This supports the workflow but makes the saved configuration influential over later writes.
读取 `~/.openclaw/workspace/config/smartsheet-tables.json`,列出用户已有的表格。
Review saved table configurations periodically, delete unused webhooks, and confirm the table choice when the agent proposes using a saved configuration.