feishu-wiki
v1.0.0飞书知识库 Skill。创建知识空间、创建 Wiki 页面节点。当需要在飞书知识库中组织和沉淀文档时使用此 Skill。
⭐ 5· 4.4k·160 current·173 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description and SKILL.md align: the skill is a Feishu Wiki helper that creates spaces and nodes via the Feishu Wiki v2 API. Required API endpoints and scopes in the docs match the stated purpose. However, the skill metadata declares no credentials or environment variables while the runtime instructions require an Authorization: Bearer {tenant_access_token} header — a practical gap between claimed capability and declared requirements.
Instruction Scope
SKILL.md stays on-topic: it documents API endpoints, required fields (obj_type, node_token, obj_token), error/permission quirks, and operational best practices (group-admin workaround). It does not instruct reading unrelated system files or sending data to third-party endpoints. One small note: the document includes a repo-style save note ('已保存至 opensource/.../SUMMARY.md') which references a path but is presented as documentation, not as an explicit runtime file operation.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so there is no install-time code to fetch or execute. That reduces installation risk.
Credentials
High concern: the SKILL.md explicitly requires a tenant_access_token in the Authorization header, yet the skill metadata lists no required env vars or primary credential. The skill requests Feishu wiki permissions in the document header (wiki:wiki, wiki:node:create) but provides no mechanism for supplying or scoping those credentials. This can lead to ambiguous behavior (agent may prompt for tokens, use other available tokens, or fail). Confirming exactly which credential(s) the agent will use is necessary before installing.
Persistence & Privilege
The skill is not marked always:true and does not request persistent system changes. It does not modify other skills or system-wide configs. Autonomous invocation is allowed (platform default) but is not by itself a new risk here.
What to consider before installing
This skill looks like a straightforward Feishu Wiki API tutorial/helper, but the documentation expects you to supply a tenant_access_token while the skill metadata doesn’t declare any credential. Before installing: (1) confirm how your agent will obtain and store the Feishu token (do not reuse broad tenant/org-level secrets unless necessary); (2) prefer short-lived, least-privilege app tokens and verify required scopes (wiki:wiki, wiki:node:create) are acceptable; (3) verify whether the agent will prompt you for tokens or will automatically use existing credentials — avoid giving it an org-wide tenant token without review; (4) if you enable autonomous invocation, consider limiting the skill to interactive-only use until you verify behavior in a test environment; and (5) if possible, ask the skill publisher to declare an env var (e.g., FEISHU_TENANT_TOKEN) or add clear instructions how credentials are provided so you can audit and scope them.Like a lobster shell, security has layers — review code before you run it.
latestvk973dv85bx7kjqr0wq9hh997818114qx
License
MIT-0
Free to use, modify, and redistribute. No attribution required.