ClawHub

feishu-doc-write

v1.0.0

Feishu (Lark) Document API writing spec. Converts Markdown content to Feishu Block structures and writes to cloud docs. Handles concurrency ordering. Use when syncing articles, creating document blocks, or writing long-form content to Feishu docs.

0· 842·5 current·5 all-time
by@sunnyyao2222-eng
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name, description, and SKILL.md consistently describe converting Markdown to Feishu Block JSON and calling Feishu's Docx and Drive APIs. The documented endpoints, block types, and conversion approach are coherent with a Feishu document-writing skill and there are no unrelated capabilities requested.
Instruction Scope
SKILL.md stays focused on Feishu Docx and Drive APIs: convert endpoint, create blocks, upload images, and concurrency/ordering strategies. It does not ask for unrelated system files or other services. However, the instructions show examples using an Authorization: Bearer <tenant_access_token> header and multipart file uploads — the doc assumes the agent can obtain and supply access tokens and files (or fetch images) but does not explain where those credentials or files come from.
Install Mechanism
There is no install spec and no code files (instruction-only). That limits the skill's footprint (nothing written to disk, no external packages installed), which is the lowest-risk installation model.
!
Credentials
The SKILL.md demonstrates use of a tenant_access_token (Authorization header) and Drive upload workflows but the registry metadata declares no required environment variables or primary credential. This mismatch reduces transparency: the skill will need authenticated Feishu credentials (and possibly permission to read images or fetch remote URLs) but does not declare them.
Persistence & Privilege
The skill is not always-enabled and does not request persistent or system-wide configuration changes. It doesn't attempt to modify other skills or agent configs. Autonomous invocation is allowed by default (platform normal) but is not combined with other privilege-escalating requests here.
What to consider before installing
This skill is coherent for writing to Feishu documents, but before installing: (1) confirm how the agent will get a Feishu tenant_access_token (the SKILL.md shows it is required but no env var is declared); prefer providing minimal-scope or short-lived credentials rather than broad or long-lived tokens; (2) verify whether image uploads require the agent to read local files or fetch remote URLs — ensure the agent has only the file access you intend; (3) test with a throwaway Feishu account or document to confirm behavior and ordering/merge logic; (4) monitor audit logs and review what the agent writes to your docs, since the skill performs authenticated writes to your cloud documents. If you need higher assurance, ask the skill author to declare required env vars (e.g., FEISHU_TENANT_TOKEN) and to document expected token scopes and any file-access requirements.

Like a lobster shell, security has layers — review code before you run it.

latestvk979tyax2d4r1w46pb6rtdkyah810893

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments