Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

yuqing-bitable-and-label

Incrementally sync data from XiaoAi API to Feishu Bitable and optionally auto-label records with machine-based type and sentiment annotations.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The declared inputs (Feishu APP_ID/APP_SECRET, XiaoAi token, bitable_url) match the stated purpose of syncing data to a Feishu Bitable and writing labels. The code implements expected behaviors (fetch from XiaoAi API, write to Feishu bitable, optional labeling). Note: the labeling component optionally uses an OpenAI-compatible gateway if OPENAI_* env vars are provided; that capability is plausible for the stated labeling purpose but is not listed in SKILL.md inputs or permissions.
Instruction Scope (flagged)
The SKILL.md entrypoint runs sync_and_label_skill.py, which follows the declared purpose. However, the labeling runtime can (if OPENAI_API_KEY / OPENAI_BASE_URL / OPENAI_MODEL are set) send record content to an arbitrary OpenAI-compatible endpoint. SKILL.md's network permissions only list Feishu and the default XiaoAi host, so outbound calls to api.openai.com or other gateways are not declared. Additionally, auxiliary scripts (sync.sh, monitor.sh) read/write .env, .cache and logs, and may modify files in the skill directory (e.g., sed edits of .env), which expands the runtime scope beyond a simple one-shot sync.
Install Mechanism
There is no install spec (instruction-only for platform), and provided files are Python scripts and shell helpers that run in-place. No remote download/install from arbitrary URLs is present, which is lower risk. The package includes several helper scripts and caches but nothing that auto-fetches executable code at install time.
Credentials (flagged)
Required secrets (Feishu APP_ID/APP_SECRET, XiaoAi token) are proportional to the sync/write-to-bitable functionality. However, the code will also use the optional environment variables OPENAI_API_KEY / OPENAI_BASE_URL / OPENAI_MODEL (and other LLM config) to call external LLM gateways. Those are not declared in the skill inputs or network permissions; if set, they enable sending user content to arbitrary endpoints. The shell helpers source a .env file from the skill directory (not system-wide) but will mutate it via auto-fix logic; review it before use.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It creates local files (.cache, logs, .sync.lock) and may modify files inside its own skill directory (e.g., .env auto-fix), but it does not modify other skills or request system-wide persistent privileges.
What to consider before installing
This skill appears to implement the claimed sync-and-label workflow and requires Feishu app credentials and a XiaoAi token; those are expected. Things to consider before installing:

- Do NOT set OPENAI_API_KEY / OPENAI_BASE_URL / OPENAI_MODEL unless you trust the external LLM gateway: if provided, the skill will send record content to that gateway (default base is api.openai.com), but the SKILL.md did not declare network permissions for that. That mismatch can result in unexpected outbound data transfer.
- The skill writes logs, a cache directory, and lock/status files inside its own directory, and the provided shell helpers may edit the local .env (monitor.sh/sync.sh include auto-fix logic). Review any .env you place in the skill directory so it does not contain unrelated secrets.
- If you plan to run this in production, run it in an isolated environment or staging workspace first and inspect outputs (sync.log, error.log, .sync_status.json). Confirm the run_only network hosts are acceptable.
- If you need labeling without sending data to third-party LLMs, verify the labeling mode will accept model outputs via stdin (the code supports a stdin/OpenClaw mode) and avoid supplying OPENAI_* env vars.
- If you want to be safer, audit the run_once functions in excel_to_feishu_bitable.py and bitable_labeling_skill.py (they perform HTTP calls and modify bitable fields) to confirm there are no additional unexpected endpoints or behaviors.


Current version: v2.0.8


SKILL.md

name: xiaoai_sync_and_label
version: "2.1.0"
description: >
  先从小爱数据接口增量拉取数据写入飞书多维表,再对多维表做增量标注:
  类型(机器)、评价情感(机器)、是否提及竞品(机器)、端(机器)、品牌安全(AI)、内容安全(AI)。
  可选开启标注:设置 run_labeling=true,标注由 OpenClaw 内置大模型提供(通过 stdin 或内置模型调用传入模型输出)。

entrypoint:
  command: "python"
  args:
    - "sync_and_label_skill.py"

inputs:
  - name: minutes
    type: integer
    required: false
    default: 60
    description: 同步时间窗口,往前补偿的分钟数(基于当前时间)
  - name: folder_id
    type: integer
    required: false
    default: 763579
    description: 小爱接口 folder_id
  - name: customer_id
    type: string
    required: false
    default: "xmxa"
    description: 小爱接口 customer_id
  - name: app_id
    type: string
    required: true
    description: 飞书开放平台应用 APP_ID
  - name: app_secret
    type: string
    required: true
    description: 飞书开放平台应用 APP_SECRET
  - name: xiaoai_token
    type: string
    required: true
    description: 小爱接口 token(Bearer 后面的部分)
  - name: bitable_url
    type: string
    required: true
    description: 目标飞书多维表视图链接(包含 base/app_token 和 table 参数)
  - name: xiaoai_base_url
    type: string
    required: false
    default: "http://wisers-data-service.wisersone.com.cn"
    description: 小爱 API 基础域名
  - name: run_labeling
    type: boolean
    required: false
    default: false
    description: 同步完成后是否执行多维表增量标注(类型(机器)、评价情感(机器)、是否提及竞品(机器)、端(机器)、品牌安全(AI)、内容安全(AI))
  - name: labeling_limit
    type: integer
    required: false
    default: 100
    description: 本次标注最多处理的记录数

outputs:
  - name: inserted_count
    type: integer
    description: 本次同步写入多维表的记录数
  - name: labeling_updated_count
    type: integer
    description: 本次标注写回的记录数(未开启标注时为 0)

permissions:
  network:
    - "https://open.feishu.cn"
    - "http://wisers-data-service.wisersone.com.cn"
