Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Feishu Knowledge Ingest

v1.0.0

Batch ingest Feishu folders and single attachments into report-first knowledge artifacts. Use when ChatGPT needs to read a Feishu directory or a single share...


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for kaiasdobi/feishu-knowledge-ingest.

Install the skill "Feishu Knowledge Ingest" (kaiasdobi/feishu-knowledge-ingest) from ClawHub.
Skill page: https://clawhub.ai/kaiasdobi/feishu-knowledge-ingest
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install feishu-knowledge-ingest

ClawHub CLI

npx clawhub@latest install feishu-knowledge-ingest

Security Scan

VirusTotal: Benign

OpenClaw: Suspicious (high confidence)

[!] Purpose & Capability
The name and description promise batch ingestion from Feishu folder links or shared-attachment tokens, but the code and README contain no Feishu API adapter, no network/download logic, and no environment variables for Feishu credentials. The runtime only processes local files in a directory, so someone expecting automatic Feishu integration would be misled.

[!] Instruction Scope
SKILL.md describes resolving folder tokens, enumerating files, routing permission-blocked items, and preserving source tokens; run.py implements a local directory loop and sets source_token to an empty string. The instructions thus give the agent responsibilities (handle Feishu tokens, list remote files) that the provided code does not implement.

Install Mechanism
There is no install spec (instruction-only), but a requirements.txt lists python-docx and pypdf which are reasonable for the included parsers. No remote downloads or unusual install steps are present, so install risk is low — but the skill does not document how to install those requirements in the SKILL.md.

[!] Credentials
SKILL.md expects inputs like 'folder_token' or shared-attachment links, yet requires.env is empty and there are no declared primary credentials. If you intend to enable live Feishu ingestion you would need to add credentials (which is not currently handled). The absence of any credential requirement is inconsistent with the stated purpose.

Persistence & Privilege
The skill is not always-on, does not request elevated platform privileges, and does not modify other skills or system-wide settings. It writes output files to a specified output directory (local disk) which is expected behaviour for an ingestion tool.

What to consider before installing
This package is a local, v0.1 skeleton for parsing .docx/.pdf files and producing report-first outputs — it does NOT actually connect to Feishu or accept Feishu tokens. If you install this expecting automatic Feishu folder ingestion, you will be disappointed: you'll need to add a Feishu listing/download adapter and credential handling. Before using: inspect run.py and the parser files (they only read local files and do not send data externally), install the Python dependencies (python-docx, pypdf) in a controlled environment, and be careful that any files you ingest don't contain sensitive information you don't want written into the generated outputs (kb-items.jsonl, failed-items.jsonl, MEMORY.candidate.md, ingest-report.md). If you want real Feishu integration, ask the author for the connector code or add secure credential requirements (and review any network/download code for where data is sent).

Like a lobster shell, security has layers — review code before you run it.

MIT-0

Feishu Knowledge Ingest

Use this skill to turn a Feishu folder or a single shared attachment into structured, reviewable knowledge outputs.

What this skill does

  • Accept a Feishu folder link/token or a single shared attachment.
  • Classify files into direct-read, download-and-parse, manual-review, or permission-blocked.
  • Parse .docx and .pdf in v0.1.
  • Produce report-first outputs instead of writing MEMORY.md directly.
  • Preserve failures and uncertainty instead of guessing content.

Supported v0.1 scope

Inputs

  • Feishu folder link or folder_token
  • Single shared attachment link or token

Parsing

  • .docx
  • .pdf

Outputs

  • ingest-report.md
  • kb-items.jsonl
  • failed-items.jsonl
  • MEMORY.candidate.md

Required behavior

  1. Distinguish Feishu native docs from uploaded attachments.
    • Native docs: doc, sheet, wiki, bitable
    • Uploaded attachments: .docx, .pdf, .pptx, other files
  2. Do not claim attachment content was learned unless text was actually extracted.
  3. Default to report-first. Do not write MEMORY.md in v0.1.
  4. Record every failed file with a concrete reason.
  5. Prefer plain-text summaries over complex Feishu cards when reporting progress.

File routing rules

Direct-read

Treat these as direct-read only when the runtime has a reliable native-reader path:

  • doc
  • sheet
  • wiki
  • bitable

Download-and-parse

Treat these as download-and-parse:

  • .docx
  • .pdf

Manual-review

Route here when the file is out of scope or low-confidence in v0.1:

  • .pptx
  • images
  • scans with no extractable text
  • archives
  • unusual file types

Permission-blocked

Route here when listing is possible but the file cannot be downloaded or read.

Standard workflow

  1. Resolve input type.
    • Folder link/token -> enumerate files.
    • Single file link/token -> build a one-file manifest.
  2. Create a batch record.
    • Generate batch_id.
    • Record started_at.
  3. Build a manifest.
    • File name
    • File token/link
    • File type
    • Route decision
  4. Attempt extraction.
    • .docx -> use parsers/parse_docx.py
    • .pdf -> use parsers/parse_pdf.py
  5. Produce structured outputs.
    • success -> append to kb-items.jsonl
    • failure -> append to failed-items.jsonl
  6. Summarize the batch.
    • Write ingest-report.md
    • Write MEMORY.candidate.md
  7. Finish the batch.
    • Record finished_at
    • Never auto-write MEMORY.md

Output contracts

kb-items.jsonl

Write one JSON object per successfully extracted knowledge item with at least:

  • batch_id
  • source_file
  • source_token
  • file_type
  • topic
  • content_type
  • summary
  • extracted_at
  • confidence

failed-items.jsonl

Write one JSON object per failed or blocked file with at least:

  • batch_id
  • source_file
  • source_token
  • file_type
  • failure_reason
  • error_detail
  • suggested_action
  • failed_at
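
A check a reviewer could run over the generated files, as an added example (not code from the skill or its author): it validates each record against the kb-items.jsonl and failed-items.jsonl field lists above and flags a blank source_token, the condition the scan reports for run.py. The name audit_jsonl and the sample records are constructed for illustration.

```python
import json

# Required fields, copied from the two output contracts above.
KB_FIELDS = ("batch_id", "source_file", "source_token", "file_type", "topic",
             "content_type", "summary", "extracted_at", "confidence")
FAILED_FIELDS = ("batch_id", "source_file", "source_token", "file_type",
                 "failure_reason", "error_detail", "suggested_action", "failed_at")
# v0.1 only extracts text from these types (download-and-parse route).
PARSED_TYPES = {"docx", "pdf"}


def audit_jsonl(text, required, check_parsed_type=False):
    """Return a list of (line_no, problem) for one JSONL output file."""
    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            item = json.loads(line)
        except json.JSONDecodeError as exc:
            findings.append((no, f"invalid JSON: {exc.msg}"))
            continue
        if not isinstance(item, dict):
            findings.append((no, "record is not a JSON object"))
            continue
        for field in required:
            if field not in item:
                findings.append((no, f"missing field: {field}"))
            elif field in ("source_token", "summary") and not str(item[field] or "").strip():
                # Present but blank: provenance or extracted text is not really there.
                findings.append((no, f"empty {field}"))
        ftype = str(item.get("file_type", "")).lower().lstrip(".")
        if check_parsed_type and ftype not in PARSED_TYPES:
            findings.append((no, f"file_type {ftype!r} is not parsed in v0.1"))
    return findings


# Constructed sample records (not real output from the skill).
SAMPLE_KB = "\n".join([
    json.dumps({**dict.fromkeys(KB_FIELDS, "x"), "file_type": "pdf"}),
    json.dumps({**dict.fromkeys(KB_FIELDS, "x"), "file_type": ".docx", "source_token": ""}),
    json.dumps({"batch_id": "b1", "source_file": "deck.pptx", "file_type": "pptx"}),
])

if __name__ == "__main__":
    for line_no, problem in audit_jsonl(SAMPLE_KB, KB_FIELDS, check_parsed_type=True):
        print(f"kb-items.jsonl:{line_no}: {problem}")
```

Pass FAILED_FIELDS as the required list, without check_parsed_type, to audit failed-items.jsonl the same way.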

MEMORY.candidate.md

Include:

  • batch header (batch_id, started_at, finished_at, source_directory or source_file)
  • grouped knowledge summaries
  • source references
  • confidence notes
  • items needing review

ingest-report.md

Include:

  1. Batch summary
  2. Input scope
  3. File counts and routing counts
  4. Successful extraction summary
  5. Failures and risks
  6. Recommended next actions

Safety rules

  • Never invent text that was not extracted.
  • If parsing fails, say so plainly and log it.
  • Treat filenames as hints only, never as proof of document contents.
  • Keep sensitive data out of MEMORY.candidate.md unless the workflow explicitly allows it.

Included files

  • run.py: minimal batch runner for local testing
  • parsers/parse_docx.py: docx text extraction helper
  • parsers/parse_pdf.py: pdf text extraction helper
  • references/output_examples.md: sample output shapes and field guidance
  • README.md: setup and usage notes
