ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Google Docs to Feishu

v0.1.0

将 Google Docs 文档内容同步/复制到飞书文档。支持手动触发全自动转换。 当用户提到 Google Docs 转飞书、Google 文档同步、复制文档到飞书时激活。

0· 63·0 current·0 all-time
byVesper@turbos7

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for turbos7/google-docs-to-feishu.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Google Docs to Feishu" (turbos7/google-docs-to-feishu) from ClawHub.
Skill page: https://clawhub.ai/turbos7/google-docs-to-feishu
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install google-docs-to-feishu

ClawHub CLI

Package manager switcher

npx clawhub@latest install google-docs-to-feishu
Security Scan
Capability signals
Requires OAuth tokenRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (Google Docs → Feishu sync) matches what the SKILL.md describes and what the code shows: Google OAuth, reading Docs API, converting blocks to Markdown, and creating/writing Feishu docs. Requested artifacts (local credentials JSON, token.json) are appropriate for Google OAuth. The only minor note: the code requests userinfo.profile and userinfo.email scopes in addition to documents.readonly — these are plausible for identifying the user but are not strictly necessary for reading Docs.
Instruction Scope
Runtime instructions are scoped to the declared purpose: they explain creating a Google Cloud OAuth client, saving credentials to ~/.config/google-docs-to-feishu/, running an authorization flow (local server on port 8765), then fetching docs and pushing converted content to Feishu. The SKILL.md does not instruct reading unrelated files or exfiltrating arbitrary data. It does rely on a provided Feishu folder token or configured feishu-doc capability.
Install Mechanism
No install spec (instruction-only) — lowest-risk install model. The skill includes a JS file intended to run as a CLI; nothing is downloaded from external arbitrary URLs during install according to the provided metadata.
Credentials
The skill does not request environment variables or other credentials up-front. It stores Google OAuth client credentials and tokens under ~/.config/google-docs-to-feishu/, which is consistent with OAuth usage. The Feishu folder token is passed at runtime in the sync payload rather than as an environment variable; this is reasonable. Note that the inclusion of userinfo.* scopes and the use of a local token file are things the user should be aware of.
Persistence & Privilege
always:false and no special platform privileges are requested. The skill writes its own config/token to ~/.config/google-docs-to-feishu/ (expected). It runs a short-lived local auth HTTP server on port 8765 for OAuth callback, which is normal for desktop OAuth flows.
Assessment
This skill appears to do what it says: it uses Google OAuth to read Google Docs and converts them to Markdown before creating Feishu documents. Before installing, review the full javascript file yourself (or ask the author) because the provided source was truncated in this package summary and the code imports child_process.execSync — confirm what commands are executed (likely to open a browser) and that no unexpected remote endpoints are contacted. Confirm you are comfortable storing Google OAuth client credentials and tokens under ~/.config/google-docs-to-feishu/, and only provide a Feishu folder token to the skill when you trust it. If you want higher assurance, request the complete source and check for any hard-coded remote URLs, unexpected network calls, or shell commands that could run arbitrary input.
google-docs-to-feishu.js:444
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk977v2yztjtc543wxcdj9vqwah85ccs4
63downloads
0stars
1versions
Updated 4d ago
v0.1.0
MIT-0
Vesper@turbos7
latest
Download

Google Docs → 飞书文档 同步工具

功能概述

  • Google Docs 文档 → 飞书文档全自动转换
  • 支持标题、段落、列表、表格、图片
  • 手动触发,无需定时

凭证配置

首次使用需要配置 Google OAuth,步骤如下:

1. 创建 Google Cloud 项目

访问 https://console.cloud.google.com,创建项目后:

  1. 启用 Google Docs API
  2. 创建 OAuth 2.0 Client ID(桌面应用类型)
  3. 下载 JSON 文件,保存为 ~/.config/google-docs-to-feishu/credentials.json

2. 授权

首次运行会自动打开浏览器进行授权,或手动访问授权 URL 完成授权。

3. 凭证存放位置

~/.config/google-docs-to-feishu/
├── credentials.json    # OAuth 客户端信息
├── token.json          # 访问令牌(自动生成)

使用方法

同步 Google Docs 到飞书

提供 Google Docs 链接和飞书文件夹 token:

{
  "action": "sync",
  "google_doc_url": "https://docs.google.com/document/d/XXXXXXXXXXXXXXXXXXXXXXXX/edit",
  "feishu_folder_token": "fldcnXXXXXXXXXXXXXX"
}

参数说明

参数必填说明
google_doc_urlGoogle Docs 链接
feishu_folder_token飞书文件夹 token,不填则创建在根目录
feishu_owner_open_id飞书用户 open_id,用于授予文档访问权限

返回

  • 飞书文档链接
  • 文档标题
  • 同步状态

完整流程说明

  1. 读取 Google Docs — 通过 Google Docs API 获取文档 blocks 结构
  2. 格式转换 — 将 Google Docs block 转换为 Markdown
  3. 创建飞书文档 — 在指定文件夹创建文档
  4. 写入内容 — 通过 feishu-doc 写入 Markdown 内容

权限要求

Google 侧

  • Google Docs API
  • OAuth 2.0 授权(read only)

飞书侧

  • feishu-doc skill(已配置)

注意事项

  • 表格图片等复杂格式可能存在少量格式差异
  • 首次授权需要人工操作,后续可自动续期

Comments

Loading comments...