Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Feishu Advanced Builder
v1.0.1 · Feishu Advanced Builder. Provides deep structured capabilities beyond Feishu's basic native tools, including: one-click generation and embedding of native whiteboards (Mermaid/PlantUML), precise row- and column-level data manipulation in Bitable (multi-dimensional tables), and lossless conversion of highly complex Markdown into Feishu native Block trees. Intended for R&D DevOps workflows, automatic architecture-diagram drawing, and generation of heavily formatted documents.
⭐ 0 · 583 · 4 current · 4 all-time
by Robert Ma (@mydreamhorse)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious (high confidence)
Purpose & Capability
The skill's name/description (Feishu board, bitable, markdown→doc) align with the included scripts which call Feishu APIs. However the registry metadata declares no required environment variables while both SKILL.md and all three scripts require FEISHU_APP_ID and FEISHU_APP_SECRET — a clear mismatch in what the package claims vs what it needs. The code also uses FEISHU_BASE_URL (override) and a third-party module 'feishu-markdown' that are not declared in metadata.
Instruction Scope
Runtime instructions and scripts stay within the stated purpose: they read user-provided local files (markdown or code files) and call Feishu Open API endpoints to create whiteboards, tables, and blocks. Things to note: the scripts print tokens and API responses to stdout (which could leak tenant_access_token or created resource tokens into logs), and they accept arbitrary --markdown-file / --code-file paths — so if the agent runs these without careful argument validation it could read local files the user didn't intend to expose. There are no hidden external endpoints in the bundled code; network calls target BASE_URL (default open.feishu.cn) but that base URL can be overridden via env.
Install Mechanism
There is no install spec (instruction-only), which reduces disk-write risk. However the package includes Node.js scripts that depend on external packages (notably 'feishu-markdown') and on global availability of fetch in the runtime. Those dependencies are not declared in the registry metadata or SKILL.md install instructions, which is an inconsistency: running the scripts will likely fail or require installing third-party packages from npm. The absence of an explicit, auditable install step increases the chance an operator will run ad-hoc commands to satisfy missing deps.
Credentials
Requesting FEISHU_APP_ID and FEISHU_APP_SECRET is proportionate for a Feishu integration. But the registry metadata advertised no required env vars while SKILL.md and all scripts require FEISHU_APP_ID and FEISHU_APP_SECRET (and optionally FEISHU_BASE_URL). The skill also prints tokens to stdout (tenant_access_token and created resource tokens) which may expose secrets in logs; that behavior isn't documented as a caution. The declared primary credential is 'none' while the code clearly depends on app credentials — this mismatch is a red flag.
Persistence & Privilege
`always: false`, and no indication that the skill modifies other skills or system-wide agent settings. It does not request permanent presence or elevated platform privileges. Autonomous invocation is enabled by default, but it is not combined with other alarming factors here.
What to consider before installing
Key points before you install/use this skill:
- Origin verification: The skill's Source/Homepage are unknown. Only install if you trust the publisher or can host/inspect the code yourself.
- Credentials: The scripts require FEISHU_APP_ID and FEISHU_APP_SECRET even though registry metadata didn't declare them — do not provide tenant-wide admin credentials unless you understand scope. Prefer creating an app with minimal write scopes and test in a non-production tenant.
- Dependency & runtime: The bundled Node scripts reference 'feishu-markdown' and rely on fetch being available. The skill provides no install instructions; you'll likely need to install npm packages manually. Review and vendor dependencies before running to avoid pulling malicious packages.
- Token leakage: The scripts log tokens and API responses to stdout. Ensure logs are not sent to external log aggregators or shared channels, or modify the code to avoid printing tokens.
- File access: The tools accept arbitrary local file paths (markdown, code). Only run them with files you intend to expose and avoid running them with elevated privileges or in directories containing secrets.
- Recommended actions: If you want to use this, fetch the repository, review the three scripts and their dependencies, run them in an isolated environment (ephemeral container) with a least-privilege Feishu app, and consider adding explicit documentation or an install script that pins dependencies and documents the exact env vars used (including FEISHU_BASE_URL). If you cannot validate the source, treat it as untrusted code and do not provide production credentials.
latest: vk971qkq5zxxbe63smm66hf8tdh81wg8a
