ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Feishu Doc

v1.0.0

Read, create, update, and append content in Feishu (飞书) documents with appropriate user permissions.

0· 294·0 current·0 all-time
by@erick0309

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for erick0309/feishu-doc-cn.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Feishu Doc" (erick0309/feishu-doc-cn) from ClawHub.
Skill page: https://clawhub.ai/erick0309/feishu-doc-cn
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install feishu-doc-cn

ClawHub CLI

Package manager switcher

npx clawhub@latest install feishu-doc-cn
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name, description, and SKILL.md all indicate Feishu document read/write/append capabilities and reference a tool called 'feishu_doc', so the functionality described is coherent. However, the skill does not declare any required credentials or primaryEnv even though using Feishu APIs requires authentication; this omission is unexplained (may rely on platform-managed tool auth, but that is not documented here).
Instruction Scope
SKILL.md is short and narrowly scoped to Feishu document operations. It does not instruct the agent to read unrelated files, access arbitrary system paths, or send data to unknown endpoints. No open-ended directives grant broad discretionary data collection.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing is written to disk and no third-party packages are pulled in by the skill itself — low install risk from the skill package.
!
Credentials
The SKILL.md states the user must have a Feishu account and references a 'feishu_doc' tool, but the registry metadata lists no required environment variables or primary credential. That mismatch is concerning: the skill either relies on an out-of-band platform tool binding (acceptable if documented) or it omits requesting credentials it needs. Also the skill has unknown source/homepage, so it's unclear who implements the 'feishu_doc' tool and how auth tokens are stored/used.
Persistence & Privilege
The skill does not request always:true and uses default invocation settings. Autonomous invocation is allowed (platform default) — combined with the credential ambiguity this increases potential blast radius, but the skill itself does not request elevated persistent privileges.
What to consider before installing
This skill appears to do what it says (manage Feishu docs) but it leaves out how authentication is handled and the source is unknown. Before installing: 1) Ask the platform/vendor how the 'feishu_doc' tool is implemented and where Feishu credentials/tokens are stored and used (OAuth flow, scope, storage location). 2) Confirm the minimum OAuth scopes required and that tokens are limited to only the needed document permissions. 3) Prefer testing with a throwaway Feishu account or limited-permission account first. 4) If the platform requires you to paste tokens, verify you trust the skill owner; avoid providing long-lived account credentials. 5) If you cannot get clear documentation about auth and the tool's implementer, treat the skill as higher risk and do not install it on sensitive accounts.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bmf6kg7gk765rkx1z4mmsch83whz3
294downloads
0stars
1versions
Updated 4w ago
v1.0.0
MIT-0
@erick0309
latest
Download

Feishu Doc Skill

Use this skill when user wants to read, create, update, or manage Feishu (飞书) documents.

Tools Available

  • feishu_doc: Read, write, append, create documents in Feishu

Use Cases

  • Read content from a Feishu document
  • Create new Feishu documents
  • Update existing Feishu documents
  • Append content to Feishu documents

Auth

User must have Feishu account with appropriate permissions to access documents.

Examples

  • "帮我读取一下这个飞书文档的内容"
  • "创建一个新飞书文档"
  • "更新这个飞书文档"
  • "在这个飞书文档后面追加内容"

Comments

Loading comments...