ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Feishu All In One Pro

v0.1.0

⚡ ClawHub首款飞书全场景自动化套件 ⚡ 文档 | 消息 | 日历 | 表格 | 云盘 | 审批 | 考勤 | 任务——一站式覆盖,不用再装十几个Skill,比零散安装节省70%配置时间。

0· 76·0 current·0 all-time
by伸正@zcsxhckr

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for zcsxhckr/feishu-all-in-one-skill.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Feishu All In One Pro" (zcsxhckr/feishu-all-in-one-skill) from ClawHub.
Skill page: https://clawhub.ai/zcsxhckr/feishu-all-in-one-skill
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install feishu-all-in-one-skill

ClawHub CLI

Package manager switcher

npx clawhub@latest install feishu-all-in-one-skill
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The description promises full Feishu automation requiring an enterprise App ID/Secret and many API capabilities, but the skill metadata declares no required environment variables, no primary credential, and no config paths. The homepage points to a placeholder repo (github.com/your-name/...), and README.md referenced in SKILL.md is absent. This mismatch between claimed capabilities and declared requirements is unexplained.
!
Instruction Scope
SKILL.md is largely marketing copy with no concrete runtime instructions, no API endpoints, no oauth/oauth2 flow, and no guidance on where to provide or store App ID/Secret. It also states '支持自然语言指令调用' without bounding what data the skill will collect or send. The file references a README that isn't present. The prose grants broad discretion (vague features) which could lead to unexpected data access if implemented.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing will be written to disk by an installer. From an install-mechanism viewpoint there is low immediate risk, but the lack of runtime detail shifts risk to how the agent/operator implements calls.
!
Credentials
The SKILL.md explicitly says '只需填一次App ID和Secret' (requires App ID and Secret), yet requires.env is empty and no primary credential is declared. Requiring sensitive credentials is expected for Feishu integrations, but the skill fails to declare them or explain storage/usage, which is disproportionate and ambiguous.
Persistence & Privilege
always is false and the skill is user-invocable with model invocation allowed (platform defaults). There is no claim it will persist or modify other skills or system configs. No elevated persistence or system-wide privileges are declared.
Scan Findings in Context
[unicode-control-chars] unexpected: SKILL.md contained unicode control character patterns flagged by the scanner. These can be used for prompt-injection or to hide characters; such patterns are not expected in a straightforward integration README and increase suspicion because the doc is otherwise vague and contains placeholder links.
What to consider before installing
Do not install yet. Ask the publisher for: (1) a real repository/homepage and a complete README showing exact runtime steps and network endpoints; (2) how and where App ID/Secret are provided (OAuth vs stored env vars vs interactive), and what scopes are requested; (3) whether network calls go only to official Feishu APIs and whether any third-party endpoints are used; (4) a sample of the concrete SKILL runtime instructions (commands, API URLs, headers, token storage behavior). If you must test, do so in a throwaway account or isolated environment and never provide production credentials until you verify source code and data flows. The unicode-control-chars finding and placeholder homepage are red flags — require clarification and a code audit (or signed publisher identity) before trusting enterprise credentials.

Like a lobster shell, security has layers — review code before you run it.

latestvk9705fr13vqk87qmn6j4j7gme1849jdbv1.0.0vk9705fr13vqk87qmn6j4j7gme1849jdb
76downloads
0stars
1versions
Updated 3w ago
v0.1.0
MIT-0
伸正@zcsxhckr
latestv1.0.0
Download

飞书全场景办公自动化 All-in-One Pro

⚡ ClawHub首款飞书全场景整合Skill | 告别零散插件,一个套件搞定所有办公场景

核心价值

  • 🚀 开箱即用:统一配置,只需填一次App ID和Secret,所有功能自动生效
  • 💰 节省70%成本:不用再装十几个零散Skill,内存和Token消耗大幅降低
  • 🎯 场景全覆盖:文档、消息、日历、表格、云盘、审批、考勤、任务、会议——一站式
  • 🔒 企业级安全:数据走飞书官方API,企业版支持私有化部署

功能列表

📄 文档管理

  • 读取/创建/更新飞书文档和知识库
  • 支持Markdown格式转换
  • 批量导出文档

💬 消息发送

  • 文本/富文本消息发送
  • 支持@成员、话题回复
  • 群消息自动汇总

📅 日历日程

  • 查询/创建/更新日程
  • 智能排期,自动避开冲突时间
  • 参会人自动提醒

📊 多维表格

  • 查询/创建/批量导入表格记录
  • 高级筛选和排序
  • 数据自动同步

☁️ 云盘管理

  • 文件上传下载
  • 批量文件操作
  • 支持大文件分片上传

✅ 审批考勤

  • 审批状态自动查询
  • 考勤数据自动统计
  • 迟到早退预警通知

📝 任务待办

  • 待办同步与状态更新
  • 截止时间自动提醒
  • 任务评论与协作

🎙️ 会议妙记

  • 会议内容自动转录
  • 关键要点自动提取
  • 会议纪要自动生成

适用人群

  • 🏢 企业行政/HR/运营:自动化日常办公流程
  • 👨‍💻 飞书深度用户:提升个人办公效率
  • 👨‍💻 开发者:快速搭建飞书相关自动化工作流
  • 🏭 企业IT部门:统一管理企业内部飞书自动化能力

定价方案

版本价格功能
免费版免费基础功能,100次/月调用
专业版149元/年全功能开放,1000次/月,技术支持
企业版1499元/年无限次调用,专属客服,定制功能
私有化部署14999元/年数据100%留存在企业内部

使用前提

需要配置飞书企业自建应用,详见 README.md

更新日志

v1.0.0 (2026-04-05)

  • 首个版本发布
  • 支持文档、消息、日历、多维表格核心功能
  • 支持自然语言指令调用

Comments

Loading comments...