Feishu Docs
v0.1.3飞书文档管理工具,支持读取、创建、更新、删除飞书文档,导入本地文件为飞书文档,以及列出文件夹内容。用于在 Claude Code 中管理飞书云文档。
⭐ 3· 1.2k·5 current·6 all-time
by@upupc
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description, SKILL.md, README, package.json, and scripts/index.js consistently implement a Feishu (飞书) document management CLI. Required env vars (FEISHU_APP_ID, FEISHU_APP_SECRET) and node binary are appropriate. Minor metadata inconsistency: registry metadata lists source/homepage as unknown/none while SKILL.md and README reference a GitHub URL (https://github.com/upupc/feishu-docs); confirm the package origin before use.
Instruction Scope
Runtime instructions and code stay within scope: they read local files the user specifies, upload files to Feishu, create/import/update/delete docs, and write local output files (e.g., doc-{id}.json). No instructions request unrelated system files, extra environment variables, or transmit data to unexpected external endpoints beyond the Feishu/Open API domain.
Install Mechanism
No install spec is provided (instruction-only install), and the code is Node.js-based with standard dependencies (@larksuiteoapi/node-sdk, commander, dotenv). There are no downloads from arbitrary URLs or extracted archives in the skill manifest. Node is required to run the included scripts.
Credentials
Only FEISHU_APP_ID and FEISHU_APP_SECRET (and optional FEISHU_DOMAIN) are required, which is proportional for a self-built Feishu app integration. The README and SKILL.md clearly list the high-scope permissions the app needs (docx:document, drive:drive, drive:file, drive:importTask, auth:tenant) — these are necessary for the declared features but grant broad access to documents and files, so limit usage to trusted apps/accounts.
Persistence & Privilege
The skill does not request permanent platform-wide presence (always is false) and does not modify other skills or global agent config. It reads/writes files only in the working directory as part of its CLI behavior and requires explicit invocation to run.
Assessment
This skill appears to implement a legitimate Feishu Docs CLI and asks for the expected App ID and App Secret. Before installing: 1) Verify the package/source (SKILL.md references a GitHub repo but the registry metadata omitted a homepage) to avoid malicious forks; 2) Only grant the app the minimum necessary tenant permissions and use a dedicated, limited-scope Feishu self-built app (do not reuse highly privileged or personal credentials); 3) Be aware the tool can read any local file you pass to its commands and will upload it to Feishu — do not pass sensitive local files unless you intend them to be uploaded; 4) Review the included scripts/index.js yourself (or have an engineer do so) if you need higher assurance, since the skill will execute Node code locally when invoked.Like a lobster shell, security has layers — review code before you run it.
latestvk9725qrqx5c5bs3ccmb918dn2h81bg6h
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
Binsnode
EnvFEISHU_APP_ID, FEISHU_APP_SECRET