Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

飞书文档管理器Pro (Feishu Document Manager Pro)

v1.0.0

Feishu document management skill. Supports creating, reading, writing and deleting documents and document blocks. Use this skill when the user needs to work with Feishu documents. Trigger conditions: (1) create a Feishu document (2) read Feishu document content (3) write/append content to a Feishu document (4) delete document blocks (5) clear a document.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
! Purpose & Capability
The skill claims to manage Feishu documents, and the SKILL.md contains Feishu API calls consistent with that purpose. However, to obtain a tenant token it expects an app_id/app_secret that it reads from $env:USERPROFILE\.openclaw\openclaw.json, the local OpenClaw config file, and these credentials are not declared in requires.env. The skill should declare the credentials it needs or use a documented, least-privilege auth flow; an implicit, undeclared dependence on a local agent config file is disproportionate to the stated purpose.
! Instruction Scope
The runtime instructions explicitly tell the agent to read a local file ($env:USERPROFILE\.openclaw\openclaw.json), extract appId and appSecret from it, and then call Feishu APIs with the resulting token. Reading the agent's or user's config file is outside the stated surface of 'document management' and touches sensitive data. The other operations (create/read/write/delete blocks) are in scope for document management. The example also calls an external wttr.in endpoint (harmless for weather lookups); the main issue is the local file access and the implicit credential harvesting.
Install Mechanism
This is an instruction-only skill with no install spec and no code files to install, which minimizes install-time risk: nothing is downloaded or written by an installer. The risk is entirely at runtime, when the agent follows the instructions.
! Credentials
The skill declares no required environment variables and no primary credential, yet its examples need an app_id and app_secret pulled from a local config file: it implicitly depends on sensitive credentials without declaring them. The Feishu scopes it requires also include document creation and deletion and write-only editing; these are powerful permissions, appropriate for the destructive operations it offers, but they deserve explicit disclosure before a user grants them.
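The three findings above (undeclared credentials, reads of a local config file, an extra external endpoint) can be checked mechanically before installing a skill. The script below is an added example written for this report; it is not part of ClawHub, OpenClaw or the flagged skill. Both SKILL.md texts in it are constructed: the first mirrors the findings above (reads openclaw.json for appId/appSecret, calls wttr.in, declares no requires.env), the second is a remediated version. The front-matter layout (`requires: env: [...]`) is an assumption about the manifest format.

```python
"""Audit a skill's SKILL.md for undeclared credential and local-file access.

Added example for this scan report; not part of ClawHub, OpenClaw or the
flagged skill. Sample manifests are constructed; the front-matter layout
(`requires: env: [...]`) is an assumption about the manifest format.
"""
import re

FLAGGED_SKILL_MD = """---
name: feishu-doc-manager-pro
requires:
  env: []
---
1. Read $env:USERPROFILE\\.openclaw\\openclaw.json and take appId and appSecret.
2. POST them to https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal
   and keep tenant_access_token.
3. Example: fetch https://wttr.in/Beijing?format=3 and append the line to the doc.
"""

REMEDIATED_SKILL_MD = """---
name: feishu-doc-manager-pro
requires:
  env: [FEISHU_APP_ID, FEISHU_APP_SECRET]
---
1. Read FEISHU_APP_ID and FEISHU_APP_SECRET from the environment; abort if unset.
2. POST them to https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal
   and keep tenant_access_token in memory only.
"""

# Paths rooted in the user's profile/home, or dot-directories holding config files.
CONFIG_FILE_RE = re.compile(
    r"(?:\$env:USERPROFILE|%USERPROFILE%|\$HOME|~)[\\/][^\s'\"`]+"
    r"|[\\/]\.[A-Za-z0-9_-]+[\\/][^\s'\"`]+\.(?:json|ya?ml|toml|env)"
)
# Identifiers naming credentials the skill must be *given*. Runtime-derived
# access tokens are deliberately excluded: they are outputs, not inputs.
CREDENTIAL_RE = re.compile(
    r"\b[A-Za-z_]*(?:app_?secret|app_?id|api_?key|password)[A-Za-z_]*\b",
    re.IGNORECASE,
)
URL_HOST_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")


def parse_manifest(text):
    """Split YAML front matter from the instruction body and read requires.env."""
    if not text.startswith("---"):
        return set(), text
    _, front, body = text.split("---", 2)
    m = re.search(r"env:\s*\[([^\]]*)\]", front)
    declared = {n.strip() for n in m.group(1).split(",") if n.strip()} if m else set()
    return declared, body


def audit_skill(text, allowed_hosts=("open.feishu.cn",)):
    """Return the findings a reviewer wants before granting the skill credentials."""
    declared, body = parse_manifest(text)
    declared_lc = {d.lower() for d in declared}
    config_files = sorted(set(CONFIG_FILE_RE.findall(body)))
    undeclared = sorted(
        {i for i in CREDENTIAL_RE.findall(body) if i.lower() not in declared_lc}
    )
    external = sorted({h for h in URL_HOST_RE.findall(body) if h not in allowed_hosts})
    verdict = "suspicious" if (config_files or undeclared or external) else "clean"
    return {
        "config_files": config_files,
        "undeclared_credentials": undeclared,
        "external_hosts": external,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for name, md in (("flagged", FLAGGED_SKILL_MD), ("remediated", REMEDIATED_SKILL_MD)):
        print(name, audit_skill(md))
```

The check is deliberately dumb: it does not try to understand the instructions, only to surface the three signals that matter for the credential question, so a clean verdict means "nothing obvious", not "safe". The allow-list of hosts is the one place a reviewer has to make a judgement call; open.feishu.cn is allowed here because calling it is the skill's whole purpose.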
Persistence & Privilege
always is false, and the skill is user-invocable and allowed to run autonomously by default (normal). In the provided instructions it does not request permanent agent-wide presence or modify other skills' config.
What to consider before installing
Before installing or running this skill:
(1) The SKILL.md tells the agent to read your local OpenClaw config (~\.openclaw\openclaw.json) to pull appId/appSecret, and the skill does not declare these as required credentials. It will access those secrets unless you prevent it.
(2) Only install if you trust the author. Verify the skill owner and source (the _meta.json ownerId does not match the registry ownerId provided), and prefer a signed/official source.
(3) If you must use it, create a dedicated Feishu app with the minimum scopes needed, use short-lived tokens, and do not keep tenant/app secrets in a shared or local config file.
(4) Consider updating the skill to require explicit environment variables, or to accept a user-provided token at runtime, instead of reading local config files.
(5) Test in an isolated account or sandbox before using it against important documents: the API calls include delete and clear operations that permanently remove content.
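Points (3) and (4) describe how the credential flow should look. The following is an added example of that flow, written for this report; it is not the skill's own code. Credentials come only from declared environment variables (FEISHU_APP_ID / FEISHU_APP_SECRET) or from a caller-supplied short-lived token (FEISHU_TENANT_TOKEN); nothing is ever read from openclaw.json, and delete/clear operations are gated behind an explicit opt-in. The token endpoint and its response fields (`code`, `tenant_access_token`, `expire`) follow the public Feishu tenant_access_token API as I understand it and are assumptions here; the variable names and the FEISHU_ALLOW_DESTRUCTIVE switch are my own.

```python
"""Explicit, least-privilege credential sourcing for a Feishu document skill.

Added example for this report, not the skill's own code. Endpoint and
response fields are assumptions about the Feishu tenant_access_token API;
environment variable names are chosen for this example.
"""
import json
import os
import time
from urllib import request

TOKEN_URL = "https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal"
REFRESH_MARGIN = 300  # seconds before expiry at which a cached token is discarded


def http_post_json(url, payload):
    """Real transport; the offline demo and test inject a stub instead."""
    req = request.Request(
        url, data=json.dumps(payload).encode(), headers={"Content-Type": "application/json"}
    )
    with request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class FeishuAuth:
    def __init__(self, env=None, transport=http_post_json, clock=time.time):
        self.env = os.environ if env is None else env  # declared inputs only
        self.transport = transport
        self.clock = clock
        self._token = None
        self._expires_at = 0.0

    def token(self):
        # An operator-supplied token wins: the app secret never enters the skill.
        supplied = self.env.get("FEISHU_TENANT_TOKEN")
        if supplied:
            return supplied
        if self._token and self.clock() < self._expires_at - REFRESH_MARGIN:
            return self._token
        app_id = self.env.get("FEISHU_APP_ID")
        app_secret = self.env.get("FEISHU_APP_SECRET")
        if not app_id or not app_secret:
            # Fail closed instead of hunting through local config files.
            raise PermissionError("FEISHU_APP_ID/FEISHU_APP_SECRET not set")
        body = self.transport(TOKEN_URL, {"app_id": app_id, "app_secret": app_secret})
        if body.get("code") != 0:
            raise RuntimeError(f"tenant token request failed: {body.get('msg')}")
        self._token = body["tenant_access_token"]
        self._expires_at = self.clock() + float(body.get("expire", 7200))
        return self._token


def destructive_allowed(env=None):
    """Delete/clear operations require an explicit opt-in; reads do not."""
    env = os.environ if env is None else env
    return env.get("FEISHU_ALLOW_DESTRUCTIVE") == "1"


class FakeTransport:
    """Offline stand-in for http_post_json with constructed responses; records requests."""

    def __init__(self, expire=7200):
        self.requests, self.expire = [], expire

    def __call__(self, url, payload):
        self.requests.append(payload)
        n = len(self.requests)
        return {"code": 0, "msg": "ok", "tenant_access_token": f"t-{n}", "expire": self.expire}


def tokens_over_time(times, env, transport):
    """Call token() at each simulated clock value; shows caching and refresh."""
    now = [times[0]]
    auth = FeishuAuth(env=env, transport=transport, clock=lambda: now[0])
    out = []
    for t in times:
        now[0] = t
        out.append(auth.token())
    return out


if __name__ == "__main__":
    env = {"FEISHU_APP_ID": "cli_demo", "FEISHU_APP_SECRET": "demo-secret"}
    print(tokens_over_time([0, 100, 7000], env, FakeTransport()))
    print("destructive allowed:", destructive_allowed({}))
```

With a 7200 s token and a 300 s margin, calls at t=0 and t=100 reuse one token and the call at t=7000 fetches a fresh one, so the secret is sent to Feishu only when needed. If FEISHU_TENANT_TOKEN is set, the skill never sees the app secret at all, which is the shape point (4) asks for.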

Like a lobster shell, security has layers — review code before you run it.

latest: vk97a684h1n48zrtgnxkf25ffh5838tjr

