ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Feishu Calendar Meeting.Tmp

创建飞书日历事件和视频会议。通过日历 API 创建,自动关联飞书视频会议。

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 23 · 0 current installs · 1 all-time installs
bylaner@kelaner
fork of @sangy12/feishu-calendar-meeting (based on 1.0.0)
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Skill name/description and SKILL.md instructions align: it uses Feishu calendar API and vchat to create events with video. However the SKILL.md's embedded metadata declares a token (feishu_user_token) while the registry 'requirements' section lists no required credentials — an inconsistency between what the skill expects and what the platform metadata declares. _meta.json ownerId also differs from registry Owner ID.
Instruction Scope
Runtime instructions are narrowly scoped to OAuth, token refresh, reading a user token, calling Feishu calendar endpoints (open.feishu.cn) and creating events. The skill does instruct storing tokens at ~/.openclaw/workspace/feishu_tokens.md and reading them back, which is within the skill's purpose but is sensitive behavior (writing/reading user secrets). No instructions reference unrelated files, system configuration, or other services.
Install Mechanism
No install spec and no code files; this is instruction-only. That minimizes installation risk — nothing is downloaded or executed beyond standard curl/python usage described in the doc.
!
Credentials
SKILL.md and its embedded metadata expect a user access token (feishu_user_token) and describe OAuth scopes and storing refresh/access tokens. The registry-level 'Required env vars' and 'Primary credential' fields are blank, which is inconsistent and could lead to surprise if tokens are required at runtime. The practice of storing tokens in a known file path (~/.openclaw/workspace/feishu_tokens.md) is convenient but concentrates sensitive credentials in a file; the skill does not document encryption or access controls for that file.
Persistence & Privilege
Skill is not always-on and does not request elevated platform privileges. It does not attempt to modify other skills or system-wide settings in the instructions. Autonomous invocation is allowed (platform default) but is not combined with other high-risk flags.
What to consider before installing
This skill appears to do what it says (create Feishu calendar events with video meetings) and uses only standard API calls, but take these precautions before installing: (1) confirm the maintainer/owner identity — the manifest contains inconsistent owner IDs; (2) expect to provide a Feishu user OAuth token/refresh token even though registry metadata claims no required env vars; (3) consider how tokens are stored — the skill suggests saving tokens to ~/.openclaw/workspace/feishu_tokens.md (a plaintext file by implication); use your platform's secrets storage or limit file permissions if you proceed; (4) review and grant only the minimum OAuth scopes listed (calendar/event create, vc:meeting); (5) if you need higher assurance, ask the publisher to correct registry metadata to list the required token and to document secure token handling (encryption or platform secret store). If you cannot verify the owner or do not want tokens written to disk, do not install.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk97czbt2jd46h34swpwq0kbbrd83p90z

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📅 Clawdis

SKILL.md

飞书日历 & 视频会议

通过飞书日历 API 创建事件,可选择关联飞书视频会议。

准备工作

1. OAuth 授权(首次)

需要获取 user_access_token,流程:

  1. 在飞书开放平台后台开通权限:
    • calendar:calendar
    • calendar:calendar.event:create
    • vc:meeting
  2. 配置重定向 URL(如 http://127.0.0.1:8080/callback
  3. 生成授权链接并让用户授权

2. Token 管理

  • access_token 有效期约 2 小时
  • refresh_token 有效期约 30 天
  • 过期后用 refresh_token 刷新

Token 保存在 ~/.openclaw/workspace/feishu_tokens.md

使用方式

创建日历会议(带视频会议)

# 参数
USER_TOKEN="xxx"  # 从 feishu_tokens.md 读取
CALENDAR_ID="feishu.cn_xxx@group.calendar.feishu.cn"

# 时间戳计算(明天 10:00-11:00 北京时间)
START_TS="1772071200"  # 2026-02-26 10:00:00
END_TS="1772074800"    # 2026-02-26 11:00:00

# 创建日历事件(带视频会议)
# 根据用户输入选择添加字段,不要添加用户未指定的字段

# 必填字段
JSON='{
  "start_time": {"timestamp": "'"$START_TS"'", "timezone": "Asia/Shanghai"},
  "end_time": {"timestamp": "'"$END_TS"'", "timezone": "Asia/Shanghai"},
  "summary": "会议标题",
  "vchat": {"vc_type": "vc"}
}'

# 可选:用户指定描述时添加
# "description": "描述内容"

# 可选:用户指定地点时添加
# "location": "地点"

curl -s -X POST "https://open.feishu.cn/open-apis/calendar/v4/calendars/${CALENDAR_ID}/events" \
  -H "Authorization: Bearer $USER_TOKEN" \
  -H "Content-Type: application/json" \
  -d "$JSON"

参数说明

根据用户输入决定是否包含以下字段:

  • summary: 会议标题(必填)
  • description: 会议描述(用户指定时)
  • start_time: 开始时间(必填)
  • end_time: 结束时间(必填)
  • location: 会议地点(用户指定时)
  • vchat.vc_type: 设为 "vc" 创建视频会议

时间戳计算

import datetime
dt = datetime.datetime(2026, 2, 26, 10, 0, 0, tzinfo=datetime.timezone(datetime.timedelta(hours=8)))
timestamp = int(dt.timestamp())

获取用户日历 ID

curl -s "https://open.feishu.cn/open-apis/calendar/v4/calendars" \
  -H "Authorization: Bearer $USER_TOKEN"

返回的 calendar_id 即为主日历 ID

返回结果示例

成功创建后,返回要点:

  • 会议标题
  • 日期和时间
  • 会议链接

示例:

✅ 会议已创建!
📅 2026年2月27日 10:00-11:00
🎥 https://vc.feishu.cn/j/xxx

注意事项

  • 如果用户没有指定描述(description),不要添加额外的描述
  • 如果用户没有指定地点(location),不要添加

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…