Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name and description (send files to Feishu) match the runtime instructions: all examples show calling the platform's message(...) helper with channel="feishu" and a local file path. There are no unrelated dependencies, credentials, or install steps requested.
Instruction Scope
SKILL.md confines actions to creating or selecting files in the user's workspace and invoking message(action="send", channel="feishu", media=...). Example snippets show writing a PDF via a local Python subprocess and then sending it. While the examples include a hard-coded user path (/Users/wangbotao/...) and use subprocess.run (which runs local code), those are example usages to create local files and are coherent with the skill's purpose; the instructions do not ask for unrelated files, environment variables, or external endpoints.
Install Mechanism
No install spec and no code files — instruction-only. Nothing is downloaded or written to disk by the skill itself, so install risk is minimal.
Credentials
The skill declares no required environment variables, credentials, or config paths. It references Feishu permissions (im:message, drive:file) as expected for sending files, but does not request any secrets. This is proportionate to the stated functionality.
Persistence & Privilege
Flags are default (always:false, user-invocable:true, model invocation enabled) and the skill does not request persistent presence or modify other skills or system settings.
Scan Findings in Context
[no-regex-findings] expected: Regex scanner had nothing to analyze because this is an instruction-only skill with no code files; that is expected for such skills.
Assessment
This skill appears to be what it claims: an instruction-only helper for sending local files to Feishu using the agent's message(...) tool. Before installing, ensure your agent's message tool already has valid Feishu authorization (im:message, drive:file) so sends will succeed. Be aware that example snippets run local Python subprocesses and reference a specific filesystem path (/Users/wangbotao/.openclaw/workspace); adapt paths to your environment and avoid running unreviewed shell/python commands you don't understand. Because the skill requests no credentials or installs, the technical risk is low, but always confirm the agent only sends files you intend and that workspace files do not contain sensitive secrets.Like a lobster shell, security has layers — review code before you run it.
latestvk976p8ysv0m1xz4h3bc0fnas1582n904
License
MIT-0
Free to use, modify, and redistribute. No attribution required.