ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenClaw飞书问题排查

v1.0.0

飞书插件问题排查工具。包含常见问题 FAQ 和深度诊断命令(/feishu_doctor)。 常见问题可随时查阅。诊断命令用于排查复杂问题(多次授权仍失败、自动授权无法解决等), 会检查账户配置、API 连通性、应用权限、用户授权状态,并生成详细的诊断报告和解决方案。

0· 131·0 current·0 all-time
by@chenfa188

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for chenfa188/openclaw-feishu-troubleshoot.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "OpenClaw飞书问题排查" (chenfa188/openclaw-feishu-troubleshoot) from ClawHub.
Skill page: https://clawhub.ai/chenfa188/openclaw-feishu-troubleshoot
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install openclaw-feishu-troubleshoot

ClawHub CLI

Package manager switcher

npx clawhub@latest install openclaw-feishu-troubleshoot
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The name/description (Feishu troubleshooting) matches the SKILL.md content, but the documented capabilities (checking appId/appSecret, API connectivity, bot openId, user tokens/offline_access) imply access to credentials or platform APIs. The skill declares no credentials, no required binaries, and no install — there is a capability/requirements mismatch.
!
Instruction Scope
The SKILL.md describes a runtime diagnostic ('/feishu doctor') that will inspect sensitive items (appId/appSecret masked, token refresh state, connectivity). The instructions do not explain how the agent obtains the credentials or performs API calls, nor do they explicitly avoid asking the user to paste secrets. That vagueness grants the agent broad discretion and could lead to sensitive data exposure if implemented poorly.
Install Mechanism
There is no install spec and no code files (instruction-only), so nothing is written to disk and no external packages are fetched — low install risk.
!
Credentials
The diagnostic claims require access to app credentials, tokens, and user auth states, but the skill declares no required environment variables or primary credential. Either the skill is relying on an implicit platform-integrated Feishu connector (not documented), or it would require asking for secrets at runtime — both should be explicit. The lack of declared secrets is disproportionate to the claimed checks.
Persistence & Privilege
The skill is not marked always:true and is user-invocable. It does not request persistent system presence or modify other skills; autonomy (model invocation) remains default and is not by itself a red flag here.
What to consider before installing
Don't install or run this skill until the author clarifies how diagnostics are performed and where credentials come from. Key questions to ask the publisher: (1) Where is the code that performs the API checks? Provide a source link. (2) Does this rely on a platform-managed Feishu connector or will it ask you to paste appId/appSecret or user tokens? If it asks for secrets, refuse to paste them in chat; provide credentials only via a secure platform credential store. (3) Request explicit list of data accessed and retention policy (are any tokens or logs stored/exported?). If you must use it, test in a non-production tenant with minimal privileges and avoid sharing real secrets. Prefer skills that declare required env vars/credentials and publish their implementation/source.

Like a lobster shell, security has layers — review code before you run it.

latestvk977jtnxngdkxyqkh7hp8pbr9x83sxjj
131downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@chenfa188
latest
Download

飞书插件问题排查

❓ 常见问题(FAQ)

卡片按钮点击无反应

现象:点击卡片按钮后没有任何反应,然后提示报错.

原因:应用未开通「消息卡片回传交互」权限。

解决步骤

  1. 登录飞书开放平台:https://open.feishu.cn/app
  2. 选择您的应用 → 事件与回调
  3. 在回调配置中,修改订阅方式为"长链接"并添加回调 "卡片回传交互"(card.action.trigger)
  4. 创建应用版本 → 提交审核 → 发布

🔍 诊断命令(深度工具)

注意:诊断命令仅用于排查复杂/疑难的权限相关问题。常规权限问题会自动触发授权流程,无需手动诊断。

何时使用诊断

  • 多次授权后仍然报错
  • 自动授权流程无法解决的问题
  • 需要查看完整的权限配置状态

使用方法

在飞书聊天会话中直接输入(作为用户消息发送):

/feishu doctor

诊断命令会检查:

  • 📋 诊断摘要(首先展示):

    • 总体状态(✅ 正常 / ⚠️ 警告 / ❌ 失败)
    • 发现的问题列表和简要描述

  • 环境信息

    • 插件版本

  • 账号信息

    • 凭证完整性(appId, appSecret 掩码)
    • 账户启用状态
    • API 连通性测试
    • Bot 信息(名称和 openId)

  • 应用身份权限

    • 应用已开通的必需权限数量
    • 缺失的必需权限列表
    • 一键申请链接(自动带上缺失权限参数)

  • 用户身份权限

    • 用户授权状态统计(✓ 有效 / ⟳ 需刷新 / ✗ 已过期)
    • Token 自动刷新状态(是否包含 offline_access)
    • 权限对照表(应用已开通 vs 用户已授权,逐项对比)
    • 应用权限缺失时的申请指引和链接
    • 用户授权不足时的重新授权操作方法

Comments

Loading comments...