ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

feishu-doc-sender

v1.0.0

Send Word (.docx) and PDF documents to Feishu/Lark users and groups. Automatically detects document files in workspace and delivers them with proper formatti...

0· 96·0 current·0 all-time
by@timyljob2011-sudo

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for timyljob2011-sudo/feishu-doc-sender.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "feishu-doc-sender" (timyljob2011-sudo/feishu-doc-sender) from ClawHub.
Skill page: https://clawhub.ai/timyljob2011-sudo/feishu-doc-sender
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install feishu-doc-sender

ClawHub CLI

Package manager switcher

npx clawhub@latest install feishu-doc-sender
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The manifest and SKILL.md state that the skill will send .docx/.pdf files to Feishu/Lark users/groups, but the repository contains only a local finder script (find_docs.py) that lists files in a workspace; there is no code, instructions, or required environment variables to authenticate with or call Feishu/Lark APIs. Additionally, README references scripts/find_docs.py (a different path) and SKILL.md mentions /workspace/ while find_docs.py defaults to OPENCLAW_WORKSPACE (/root/.openclaw/workspace) — these inconsistencies further reduce trust that the package implements its claimed sending capability.
!
Instruction Scope
SKILL.md instructs scanning the workspace and confirming before sending, but does not provide any concrete sending steps or external endpoints. The included script only reads files in the workspace (using OPENCLAW_WORKSPACE if set) and prints or JSON-outputs matches; it does not contact external services or exfiltrate data. However, SKILL.md's high-level language ('确认后发送', '一键发送') gives a user the expectation of automated delivery that the package does not implement.
Install Mechanism
Instruction-only skill with a small Python utility; there is no install spec or remote downloads. Nothing is written to disk by an installer and there are no suspicious download URLs or packaged binaries.
!
Credentials
No Feishu/Lark credentials or API environment variables are declared or required despite the skill's claimed ability to send messages (expected vars like APP_ID, APP_SECRET, BOT_TOKEN, or WEBHOOK are absent). The script does use an environment variable OPENCLAW_WORKSPACE (not documented in SKILL.md) which is plausible but not called out. The absence of any credential handling is disproportionate to the stated purpose.
Persistence & Privilege
The skill is not always-enabled, does not request persistent/system-wide changes, and contains no code that modifies other skills or global agent config. Autonomous invocation is allowed by default but that is normal and not by itself a red flag here.
What to consider before installing
This package is primarily a local file-discovery helper, not a complete Feishu/Lark sender. Before installing or enabling it: 1) Don't assume it will upload or send files — the code only finds and lists files. 2) If you want automatic sending, request a skill that explicitly shows Feishu API calls and documents required credentials (app id/secret or bot token) and where to set them. 3) Note the workspace path mismatch — the script defaults to OPENCLAW_WORKSPACE (/root/.openclaw/workspace) while SKILL.md mentions /workspace/ and README references scripts/find_docs.py; verify which path will be scanned and that sensitive files won't be exposed. 4) Test the script in a safe sandbox workspace first. 5) If the intent is automated delivery, insist the author add explicit, auditable sending code (with secure credential handling) or explain how it integrates with another skill that performs the send.

Like a lobster shell, security has layers — review code before you run it.

latestvk973h6f57wwpfyh3fv49315bps83hqjj
96downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@timyljob2011-sudo
latest
Download

Feishu Document Sender

飞书文档发送助手 — 轻松发送 Word 和 PDF 文件到飞书对话。

What This Skill Does

  • 📄 自动检测工作目录中的 Word (.docx) 和 PDF 文件
  • 📤 一键发送到飞书私聊或群聊
  • 🎯 智能匹配根据文件名关键词找到目标文件
  • 📋 批量支持可同时发送多个文件

When to Use

  • 发送生成的报告、书籍、文档给老板/团队
  • 交付工作成果(Word/PDF格式)
  • 批量分发文件到飞书群组
  • 需要确认文件格式后再发送

Usage

简单用法

User: "把AI办公入门发给老板"
→ 自动找到 AI办公入门.docx 和 AI办公入门.pdf
→ 确认后发送

指定格式

User: "发Word版本就行"
→ 只发送 .docx 文件

User: "只要PDF"
→ 只发送 .pdf 文件

批量发送

User: "把昨天的报告都发给我"
→ 查找并列出匹配的文件
→ 确认后批量发送

File Detection Logic

  1. 扫描工作目录 (/workspace/)
  2. 匹配文件名(模糊匹配,支持关键词)
  3. 过滤格式(.docx / .pdf / .epub 可选)
  4. 按时间排序(最新的优先)
  5. 去重处理(同名文件只保留最新)

Best Practices

文件命名建议

为了让 Skill 更好地找到文件:

  • AI办公入门_最终版.docx
  • 2024年度报告.pdf
  • 项目方案_v2.docx
  • 新建 Microsoft Word 文档.docx
  • final_final_FINAL.pdf

发送前确认

Skill 会列出找到的文件并询问确认,避免发错:

找到以下文件:
1. AI办公入门_最终版.docx (31KB)
2. AI办公入门.pdf (59KB)

确认发送吗?

Supported Formats

格式扩展名用途
Word 文档.docx可编辑的办公文档
PDF 文档.pdf不可篡改的正式文档
EPUB 电子书.epub电子书阅读器格式(可选)

Error Handling

  • 文件不存在 → 提示用户检查文件名或重新生成
  • 格式不支持 → 建议转换为 .docx 或 .pdf
  • 发送失败 → 检查飞书权限和网络连接
  • 文件过大 → 提示飞书单文件大小限制(通常 20-100MB)

Integration with Other Skills

这个 Skill 通常配合以下 Skill 使用:

  • md-to-pdf — Markdown 转 PDF 后发送
  • kdp-generator — 生成书籍后发送给作者
  • feishu-doc — 飞书文档操作后分享成果

Clawhub Info

  • Version: 1.0.0
  • Author: OpenClaw Community
  • Tags: feishu, lark, document, pdf, word, sender
  • License: MIT

Comments

Loading comments...