ClawHub

Meegle Connector

Connect to Meegle via MCP service, support OAuth authentication, and enable querying and managing work items, views, etc.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 183 · 0 current installs · 0 all-time installs
by@wadxm
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required binaries (node, npx), required config path (~/.mcporter/credentials.json), and the install of @lark-project/meego-mcporter are consistent with a CLI-based OAuth connector for Meegle/MCP.
Instruction Scope
SKILL.md instructs the agent to run npx commands and to read/write ~/.mcporter/credentials.json during a remote OAuth flow. Reading/writing that single credentials file is expected for OAuth management, but it is a sensitive operation and the file may contain tokens if not in the exact state the doc assumes. The skill explicitly requires user confirmation for credential operations and forbids logging, which reduces risk.
Install Mechanism
Install is an npm package from the registry (@lark-project/meego-mcporter) producing a meego-mcporter binary. Using npm for a CLI tool is normal and proportionate. No arbitrary URLs or archive extraction are used.
Credentials
No environment secrets are requested; the only required artifact is ~/.mcporter/credentials.json, which is directly relevant to the stated OAuth flows. The skill does not ask for unrelated credentials or system-wide tokens.
Persistence & Privilege
The skill is not always-enabled and does not request elevated or cross-skill configuration changes. Autonomous invocation is allowed (platform default) but not itself a red flag here.
Assessment
This skill appears coherent for a CLI-based Meegle connector, but before installing: (1) verify you trust the npm package and its publisher (inspect the package contents or repository if possible); (2) prefer Browser OAuth locally when possible instead of copying credential files; (3) never paste access tokens or credential files into chat—follow the documented confirm-and-write flow; (4) confirm that the agent prompts you before reading or writing ~/.mcporter/credentials.json; and (5) if you must use a remote flow, review the written credentials after the operation and remove any unneeded files. If you are unsure about the npm package's provenance, inspect it first rather than installing globally.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.9
Download zip
latestvk97b91ag4xetbtbszmyzf2340n8337xb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📋 Clawdis
Binsnode, npx
Config~/.mcporter/credentials.json

Install

Node
Bins: meego-mcporter
npm i -g @lark-project/meego-mcporter

SKILL.md

Meegle Skill

Connect to Meegle via MCP service, supporting OAuth authentication.

Prerequisites

This skill relies on the following environment:

  • Node.js (>= 18) and npx
  • @lark-project/meego-mcporter: MCP Transfer Tool, sourced from npm (npm install -g @lark-project/meego-mcporter or automatically obtained via npx)

Certificate Management Instructions

This skill uses ~/.mcporter/credentials.json to store OAuth credentials (managed by mcporter).

  • Method 1 (Recommended): Browser OAuth - mcporter automatically completes authorization and writes credentials, and the agent does not need to access the credential content.
  • Method 2 (Remote Server): When the server does not have a browser, users need to complete OAuth on their local computers and then sync the credentials to the server. In this process, the agent will assist in displaying the OAuth Client configuration (excluding tokens) and writing the authorized credentials provided by the user, and all operations require users to confirm step by step.

Security Constraints:

  • The agent shall not initiate credential operations independently, and each step requires explicit confirmation from the user.
  • The agent must not record the credential content to logs, historical messages, or any location other than ~/.mcporter/
  • Temporary files generated during the operation must be cleaned up immediately

Connection Method

1. Ask the user which method to use for authentication

Note: Be sure to ask the user and let the user make an active choice. Automatically choosing for the user is prohibited. This tool supports two authentication methods:

  • Browser OAuth (Recommended): Suitable for scenarios where OpenClaw is locally installed, automatically re-engaging the browser to complete authorization
  • Remote OAuth Proxy: Suitable for scenarios where OpenClaw is installed on a remote server (browserless environment)

2. Browser OAuth (Recommended)

2.1. Create a Configuration File

Copy meegle-config.json from the skill package directory to the working directory.

2.2. Perform OAuth authentication (only once)

npx @lark-project/meego-mcporter auth meegle --config meegle-config.json

This will open a browser for you to authorize your Feishu account. ** After authorization is completed, the credentials will be cached in ~/.mcporter/credentials.json, and subsequent calls will not require re-authorization. **

3. Remote OAuth Proxy

Applicable Scenario: When the remote server does not have a browser, the user needs to complete OAuth on the local computer and then sync the credentials back to the server.

3.1. Create a Configuration File

Copy meegle-config.json from the skill package directory to the working directory.

3.2. Generate OAuth Client Configuration

npx @lark-project/meego-mcporter auth meegle --config meegle-config.json --oauth-timeout 1000

This command will generate an OAuth Client configuration (containing only the client parameters, excluding tokens) in ~/.mcporter/credentials.json.

3.3. Assist users in completing local authorization

This step requires the agent and the user to cooperate to complete credential synchronization. Since the remote server does not have a browser, the user needs to complete OAuth authorization on their local computer.

Step A - Present the OAuth Client Configuration to the User (Requires User Confirmation):

Read the contents of ~/.mcporter/credentials.json (which at this time only contains OAuth client parameters and no tokens), display them to the user, and inform the user:

The following is the OAuth Client configuration. Please refer to the document https://meegle.com/b/helpcenter/product/5rifl7a7 to complete the authorization on your local computer. After the authorization is completed, please provide me with the generated credential file.

Step B - Receive authorized credentials provided by the user (user confirmation required):

After the user completes OAuth locally, they will provide the authorized credential file. After obtaining user confirmation, write it to ~/.mcporter/credentials.json.

After the write operation is completed, immediately clean up any intermediate temporary files that may have been generated during the operation. The credential content is only stored in ~/.mcporter/credentials.json and must not be saved to any other location.

3.4. Verify the Authorization Result

Attempted to connect to the MCP server and confirmed successful authorization.

4. Subsequent Use

npx @lark-project/meego-mcporter call meegle <tool_name> --config meegle-config.json

Available Features

  • Query: To-do, View, Work Item Information
  • Operations: Create, modify, and transfer work items

Files

3 total
Select a file
Select a file to preview.

Comments

Loading comments…