Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
📄 Feishu Doc Manager | 飞书文档管理器
v1.0.0
Seamlessly publish Markdown content to Feishu Docs with automatic formatting. Solves key pain points: Markdown table conversion, permission management, batch writing.
⭐ 22 · 12k · 142 current · 147 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious · medium confidence
Purpose & Capability
The skill claims to publish Markdown to Feishu Docs and manage permissions; the listed Feishu API scopes (docx:document, docx:document:write_only, docs:permission.member) are consistent with that purpose. However, the bundle declares no required environment variables and no primary credential, even though Feishu API access requires app credentials or tokens. That mismatch is a sign of incomplete or incoherent packaging.
Instruction Scope
SKILL.md contains a Quick Start that instructs the user or agent to run a git clone of a GitHub repo into ~/.openclaw/workspace/skills. The instructions do not explain the auth flow (where to provide the Feishu app id/secret or tokens), do not document how credentials are stored, and offer no guidance for safe execution. Recommending a clone of an external repository in the runtime instructions, with neither bundled code nor auth details, is scope creep and leaves the execution path ambiguous.
Install Mechanism
There is no formal install spec in the registry (instruction-only skill). The SKILL.md suggests cloning https://github.com/Shuai-DaiDai/feishu-doc-manager. GitHub is a known host (lower risk than an arbitrary IP), but the registry package contains no code files itself, so the agent would fetch external code at runtime. That increases risk and should be made explicit and vetted before execution. A known host says nothing about the repository's contents, and those contents can change after this scan, so if a clone is unavoidable, pin the commit you reviewed rather than cloning the default branch.
Credentials
The skill requests Feishu API permission scopes but declares zero required environment variables and no primary credential. Real operation will need app credentials, a tenant_access_token, refresh tokens or similar. Declaring scopes without declaring any credential requirement is disproportionate and ambiguous: where should secrets be put, and how are they obtained?
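The scan says real operation needs app credentials and a tenant_access_token but the skill never says where they come from. The following is an added example, not the skill's or OpenClaw's code, of the flow a complete SKILL.md would document: the app id and secret are read from environment variables (the names FEISHU_APP_ID and FEISHU_APP_SECRET are this example's assumption, since the skill declares none), exchanged at Feishu's tenant_access_token endpoint for self-built apps, held only in memory, and refreshed before they expire. The HTTP transport and clock are injectable so the caching logic can be exercised offline.

```python
import json
import os
import time
import urllib.request

# Feishu's tenant_access_token endpoint for self-built ("internal") apps.
TOKEN_URL = "https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal"

# Variable names are this example's assumption: the skill declares none, and a
# complete SKILL.md would name them so secrets never get pasted into prompts.
ENV_APP_ID = "FEISHU_APP_ID"
ENV_APP_SECRET = "FEISHU_APP_SECRET"


def http_post_json(url, body):
    """Default transport: POST a JSON body and decode the JSON reply."""
    data = json.dumps(body).encode("utf-8")
    req = urllib.request.Request(
        url, data=data, headers={"Content-Type": "application/json"}, method="POST"
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read().decode("utf-8"))


class TenantTokenSource:
    """Obtains a tenant_access_token from app credentials held in the environment,
    caches it in memory only, and refreshes it before expiry.

    `post` and `clock` are injectable so the flow can be tested without network."""

    def __init__(self, env=None, post=http_post_json, clock=time.time, margin_s=300):
        self._env = os.environ if env is None else env
        self._post = post
        self._clock = clock
        self._margin = margin_s      # refresh this many seconds before expiry
        self._token = None
        self._expires_at = 0.0
        self.fetches = 0             # how often the secret was actually sent

    def credentials(self):
        app_id = self._env.get(ENV_APP_ID)
        app_secret = self._env.get(ENV_APP_SECRET)
        if not app_id or not app_secret:
            raise RuntimeError(
                f"set {ENV_APP_ID} and {ENV_APP_SECRET} in the environment; "
                "do not pass them inline in SKILL.md or prompts"
            )
        return app_id, app_secret

    def token(self):
        now = self._clock()
        if self._token is not None and now < self._expires_at - self._margin:
            return self._token
        app_id, app_secret = self.credentials()
        reply = self._post(TOKEN_URL, {"app_id": app_id, "app_secret": app_secret})
        self.fetches += 1
        if reply.get("code") != 0:
            # Never echo app_secret into the error; code and msg are enough.
            raise RuntimeError(
                f"Feishu token request failed: {reply.get('code')} {reply.get('msg')}"
            )
        self._token = reply["tenant_access_token"]
        self._expires_at = now + float(reply["expire"])   # Feishu returns seconds
        return self._token


def auth_header(token):
    """Bearer header the docx and permission endpoints expect."""
    return {"Authorization": f"Bearer {token}"}
```

The point for a reviewer is the shape, not the endpoint: secrets enter through named environment variables that the skill manifest should declare, the token is never written to disk, and every error path is free of the secret.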
Persistence & Privilege
The skill does not request always: true and makes no claims to modify other skills or system-wide settings. It appears to be user-invocable only and does not request elevated persistence in the provided metadata.
What to consider before installing
This skill could be legitimate, but it has important gaps and one risky instruction. Before installing or running it:
1) Ask the author or maintainer for a complete SKILL.md that documents the auth flow: the exact environment variables or secrets needed, how tokens are obtained and renewed, and where they are stored.
2) Request an install spec, or have the code included in the skill bundle, so you do not have to git-clone at runtime; if you must clone, review the repository code yourself (or in a sandbox) before executing it.
3) Confirm the minimal Feishu scopes required and avoid granting broader permissions than necessary.
4) If you lack the capacity to audit the repository, run it in an isolated environment and do not provide high-privilege credentials.
These checks would raise confidence from 'medium' to 'high'.
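The checks above can be scripted so they run before any skill reaches ~/.openclaw/workspace/skills. The following is an added example, not ClawHub or OpenClaw code: it audits a constructed SKILL.md and manifest modelled on this listing (the manifest field names scopes, env, primaryCredential, always and files are assumed, as are the corrected FIXED_* inputs) and reports the runtime-fetch, undeclared-credential, scope and persistence findings this scan describes, with a verdict in the scan's own terms.

```python
import re
from urllib.parse import urlparse

# Constructed inputs modelled on this listing; not the registry's real files.
# SKILL_MD carries the Quick Start clone step, MANIFEST the metadata the scan
# describes: three scopes, no env vars, no primary credential, no bundled code.
SKILL_MD = """\
# Feishu Doc Manager

## Quick Start
cd ~/.openclaw/workspace/skills
git clone https://github.com/Shuai-DaiDai/feishu-doc-manager
"""

MANIFEST = {
    "scopes": ["docx:document", "docx:document:write_only", "docs:permission.member"],
    "env": [],                 # required environment variables (assumed field)
    "primaryCredential": None, # assumed field
    "always": False,           # auto-activation flag
    "files": [],               # code shipped inside the bundle (assumed field)
}

# What a coherent bundle would look like: code inside, credentials declared,
# no runtime clone. Hypothetical corrected inputs, not the real skill.
FIXED_MANIFEST = dict(MANIFEST, env=["FEISHU_APP_ID", "FEISHU_APP_SECRET"],
                      files=["scripts/publish.py"])
FIXED_SKILL_MD = """\
# Feishu Doc Manager

## Quick Start
Set FEISHU_APP_ID and FEISHU_APP_SECRET, then run scripts/publish.py.
"""

FETCH_RE = re.compile(r"\b(git\s+clone|curl|wget|pip\s+install|npm\s+install)\s+(\S+)")
KNOWN_HOSTS = {"github.com", "gitlab.com", "bitbucket.org"}
SEVERITY = {"info": 0, "medium": 1, "high": 2}


def fetch_host(target):
    """Host a fetch target points at; also handles scp-style git@host:path."""
    host = urlparse(target).hostname
    if host is None and "@" in target and ":" in target:
        host = target.split("@", 1)[1].split(":", 1)[0]
    return host or ""


def runtime_fetches(skill_md):
    """Commands in SKILL.md that would pull code or data over the network."""
    return [(m.group(1), m.group(2)) for m in FETCH_RE.finditer(skill_md)]


def audit(manifest, skill_md):
    """Return (severity, kind, message) findings for the checklist above."""
    findings = []
    for cmd, target in runtime_fetches(skill_md):
        host = fetch_host(target)
        if host not in KNOWN_HOSTS:
            sev = "high"                       # arbitrary host or IP
        elif not manifest.get("files"):
            sev = "medium"                     # known host, but the bundle ships no code
        else:
            sev = "info"                       # code is bundled; clone is redundant
        findings.append((sev, "runtime-fetch",
                         f"'{cmd} {target}' pulls code at runtime (host: {host or 'unknown'})"))
    scopes = manifest.get("scopes", [])
    declares_cred = bool(manifest.get("env")) or manifest.get("primaryCredential") is not None
    if scopes and not declares_cred:
        findings.append(("medium", "undeclared-credentials",
                         f"{len(scopes)} API scope(s) requested but no env var or "
                         "primary credential declared"))
    for scope in scopes:                       # every scope needs a justification
        findings.append(("info", "scope-review",
                         f"confirm {scope} is needed for the stated purpose"))
    if manifest.get("always"):
        findings.append(("high", "persistence",
                         "always: true asks to be loaded without user invocation"))
    return findings


def verdict(findings):
    worst = max((SEVERITY[s] for s, _, _ in findings), default=0)
    return {0: "clean", 1: "suspicious", 2: "unsafe"}[worst]


if __name__ == "__main__":
    for name, m, md in (("as listed", MANIFEST, SKILL_MD),
                        ("corrected", FIXED_MANIFEST, FIXED_SKILL_MD)):
        fs = audit(m, md)
        print(f"{name}: {verdict(fs)}")
        for sev, kind, msg in fs:
            print(f"  [{sev}] {kind}: {msg}")
```

Run against the listing's own Quick Start and metadata the script lands on "suspicious" for the same two reasons the scan gives (a runtime clone from a known host, scopes with no declared credentials); the corrected inputs come out "clean" with only the per-scope review items left for a human.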
latest · vk97dqdx47nx20s03am1kezpnw980tzdv
