ClawHub

FeishuBitable-Plus

v1.0.0-beta

自然语言驱动飞书多维表格操作,支持CRUD、批量导入导出、跨表同步及数据质量分析,纯本地安全部署。

0· 240·0 current·1 all-time
by@zwybirth

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for zwybirth/feishu-bitable-plus.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "FeishuBitable-Plus" (zwybirth/feishu-bitable-plus) from ClawHub.
Skill page: https://clawhub.ai/zwybirth/feishu-bitable-plus
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install feishu-bitable-plus

ClawHub CLI

Package manager switcher

npx clawhub@latest install feishu-bitable-plus
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description claim natural-language operations for Feishu Bitable; the package contains an API client (calls to open.feishu.cn), intent engine, CLI, and a config manager for storing App ID/App Secret—all coherent with the stated purpose. The declared Feishu scopes (bitable:app, bitable:record, bitable:table) match the functionality.
Instruction Scope
SKILL.md and README instruct only local CLI use (fbt config, fbt query, etc.). Runtime code follows that flow and calls only Feishu API endpoints. However, documentation and some CLI messages claim credentials are saved to the "system keychain" while the implemented ConfigManager stores Base64-encoded credentials in ~/.feishu-bitable-plus/credentials.json — this is a misleading/security-relevant discrepancy.
Install Mechanism
Registry metadata has no install script and the skill is distributed as source/compiled JS files (no external downloads during install). Dependencies are standard npm libs (axios, inquirer, node-cache). There are no suspicious remote download URLs or extract-from-URL steps in the bundle.
Credentials
The skill does not request unrelated environment variables; it legitimately needs Feishu App ID/App Secret and app-specific appToken (passed as CLI args). It does not declare a primaryEnv in registry metadata, but the code expects stored credentials. The credential storage is weak: credentials are stored Base64-encoded (not encrypted). This is proportionate to the feature set but a security concern in practice.
Persistence & Privilege
always:false (not force-included). The skill writes to a single config directory (~/.feishu-bitable-plus) and manages its own credentials file (mode 0o600). It does not modify other skills or global agent settings. Persistence is limited to its own config directory.
Assessment
This package appears to implement what it claims (a local CLI + intent engine + Feishu API client). Before installing or using it, consider the following: - Credential handling: the code stores your App ID/App Secret in ~/.feishu-bitable-plus/credentials.json using Base64 encoding, which is reversible and not secure. Treat these files as sensitive, delete them when not in use, or modify the code to use a secure key store (e.g., keytar/system keychain). - Documentation mismatch: README/CLI messages imply system keychain storage; in reality the implementation uses file storage. If you require true system keychain support, patch or request that feature. - Source provenance: registry metadata lists source/homepage as unknown/none while package.json and README reference a GitHub repo. Prefer installing code from a verified source (inspect the GitHub repo/commit history) and confirm the package integrity. - Network behavior: the client talks only to open.feishu.cn (Feishu Open API) and obtains a tenant_access_token using your App ID/Secret—this is expected. If you want to be extra cautious, run the CLI in a network-monitored or sandboxed environment the first time. - Principle of least privilege: only grant the Feishu app the minimal scopes it needs and rotate credentials if you stop using the tool. If you rely on strong credential protection for production use, do not use the default ConfigManager as-is; replace with secure keychain storage or encrypt the credentials with a secret only you control.

Like a lobster shell, security has layers — review code before you run it.

automationvk974ev3jskrtdk5afyysz7y6m983gm4cbitablevk974ev3jskrtdk5afyysz7y6m983gm4cclivk974ev3jskrtdk5afyysz7y6m983gm4cdatabasevk974ev3jskrtdk5afyysz7y6m983gm4cfeishuvk974ev3jskrtdk5afyysz7y6m983gm4clarkvk974ev3jskrtdk5afyysz7y6m983gm4clatestvk974ev3jskrtdk5afyysz7y6m983gm4cproductivityvk974ev3jskrtdk5afyysz7y6m983gm4cspreadsheetvk974ev3jskrtdk5afyysz7y6m983gm4c
240downloads
0stars
1versions
Updated 1mo ago
v1.0.0-beta
MIT-0
@zwybirth
automationbitableclidatabasefeishularklatestproductivityspreadsheet
Download

feishu-bitable-plus

企业级飞书多维表格智能操作技能 - 自然语言驱动,纯本地安全部署

描述

用自然语言操作飞书多维表格,告别复杂API。

支持批量处理、数据同步、质量分析,纯本地部署保障数据安全。

安装

npx clawhub@latest install feishu-bitable-plus

使用

# 配置飞书凭证
fbt config

# 自然语言查询
fbt query "列出客户表的所有记录"

# 交互模式
fbt interactive

功能

  • 自然语言操作表格
  • 完整CRUD(增删改查)
  • 批量导入导出
  • 跨表数据同步
  • 数据质量分析

权限

  • bitable:app
  • bitable:record
  • bitable:table

作者

wenyuan

许可证

MIT

Comments

Loading comments...