ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

📄 Feishu Doc Manager | 飞书文档管理器

📄 Feishu Doc Manager | 飞书文档管理器 Seamlessly publish Markdown content to Feishu Docs with automatic formatting. Solves key pain points: Markdown table conversion, permission management, batch writing. 将 Markdown 内容无缝发布到飞书文档,自动渲染格式。 解决核心痛点:Markdown 表格转换、权限管理、批量写入。

MIT-0 · Free to use, modify, and redistribute. No attribution required.
17 · 7.1k · 80 current installs · 82 all-time installs
by@Shuai-DaiDai
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims to publish Markdown to Feishu Docs and manage permissions; the listed Feishu API scopes (docx:document, docx:document:write_only, docs:permission.member) are consistent with that purpose. However, the bundle declares no required environment variables or primary credential even though Feishu API access requires app credentials/tokens. That mismatch is a sign of incomplete/incoherent packaging.
!
Instruction Scope
SKILL.md contains a Quick Start that instructs the user/agent to run a git clone of a GitHub repo into ~/.openclaw/workspace/skills. The instructions do not explain the auth flow (where to provide Feishu app id/secret or tokens), do not document how credentials are stored, and offer no guidance for safe execution. Recommending an external repo clone in runtime instructions without bundled code or auth details is scope creep and ambiguous.
Install Mechanism
There is no formal install spec in the registry (instruction-only skill). The SKILL.md suggests cloning https://github.com/Shuai-DaiDai/feishu-doc-manager — GitHub is a known host (lower risk than arbitrary IPs), but the registry package contains no code files itself, so the agent would fetch external code at runtime. That increases risk and should be made explicit and vetted before execution.
!
Credentials
The skill requests Feishu API permission scopes but declares zero required environment variables or primary credential. Real operation will need app credentials / tenant_access_token / refresh tokens or similar. The absence of declared credential requirements is disproportionate and ambiguous (where should secrets be put? how are they obtained?).
Persistence & Privilege
The skill does not request always: true and makes no claims to modify other skills or system-wide settings. It appears to be user-invocable only and does not request elevated persistence in the provided metadata.
What to consider before installing
This skill could be legitimate, but it has important gaps and a risky instruction. Before installing or running it: 1) Ask the author or maintainer to provide a complete SKILL.md that documents the auth flow (exact environment variables or secrets needed, how tokens are obtained/renewed, and where they're stored). 2) Request an install spec or include the code in the skill bundle so you don't have to git-clone at runtime; if you must clone, review the repo code yourself (or in a sandbox) before executing. 3) Confirm the minimal Feishu scopes required and avoid granting broader permissions than necessary. 4) If you lack capacity to audit the repository, run it in an isolated environment and do not provide high-privilege credentials. These checks would raise confidence from 'medium' to 'high.'

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk97dqdx47nx20s03am1kezpnw980tzdv

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

📄 Feishu Doc Manager | 飞书文档管理器

Seamlessly publish Markdown content to Feishu Docs with automatic formatting.

将 Markdown 内容无缝发布到飞书文档,自动渲染格式。

🎯 Problems Solved | 解决的痛点

ProblemSolution问题解决方案
Markdown tables not renderingAuto-convert tables to formatted listsMarkdown 表格无法渲染自动转换为格式化列表
Permission management complexityOne-click collaborator management权限管理复杂一键协作者管理
400 errors on long contentAuto-split long documents长内容 400 错误自动分段写入
Inconsistent formattingwrite/append auto-render Markdown格式不一致write/append 自动渲染

✨ Key Features | 核心功能

1. 📝 Smart Markdown Publishing | 智能 Markdown 发布

  • Auto-render: write/append actions automatically render Markdown
  • Table handling: Tables auto-converted to formatted lists
  • Syntax support: Headers, lists, bold, italic, code, quotes

2. 🔐 Permission Management | 权限管理

  • Add/remove collaborators
  • Update permission levels (view/edit/full_access)
  • List current permissions

3. 📄 Document Operations | 文档操作

  • Create new documents
  • Write full content with Markdown
  • Append to existing documents
  • Update/delete specific blocks

🚀 Quick Start | 快速开始

cd ~/.openclaw/workspace/skills
git clone https://github.com/Shuai-DaiDai/feishu-doc-manager.git

📋 Supported Markdown | 支持的 Markdown

MarkdownFeishu Result
# TitleHeading 1
- ItemBullet list
**bold**Bold
> quoteBlockquote

🔧 Important Distinctions | 重要区分

write/append vs update_block:

Featurewrite/appendupdate_block
Markdown rendering✅ Yes❌ No (plain text)

📦 Required Permissions | 必需权限

  • docx:document
  • docx:document:write_only
  • docs:permission.member

📝 License | 许可证

MIT

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…