Feishu Task Manager
v1.0.0飞书任务管理 - 创建、查询、更新和删除飞书任务。Use when user mentions 飞书任务、创建任务、指派任务、任务管理。 Triggers: - "创建一个飞书任务" - "帮我在飞书里添加任务" - "查看我的飞书任务" - "更新/修改/删除飞书任务" - "给XXX指派任务
⭐ 2· 1.2k·29 current·30 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name, README, SKILL.md, and code all implement Feishu task create/read/update/delete functionality and call the official open.feishu.cn API — that is coherent with the stated purpose. However, the registry metadata declares no required environment variables or primary credential while both SKILL.md and the code require FEISHU_APP_ID and FEISHU_APP_SECRET, an important mismatch.
Instruction Scope
SKILL.md instructs the agent and user to set FEISHU_APP_ID/FEISHU_APP_SECRET and shows example CLI/Python usage that only interacts with the Feishu API. The instructions do not ask the agent to read unrelated system files or send data to unexpected endpoints. They remain within the task-management scope.
Install Mechanism
There is no automated install spec (instruction-only skill + code file). README suggests manual git clone/copy into the OpenClaw skills directory. No downloads from arbitrary URLs or extract steps in the package metadata — lower install risk. Still, the README references an external GitHub repo; verify that source before cloning.
Credentials
The code and SKILL.md require two sensitive environment variables (FEISHU_APP_ID and FEISHU_APP_SECRET) which are appropriate for Feishu API access, but the skill manifest in the registry lists none and does not declare a primary credential. This omission is disproportionate (metadata should declare these secrets). Also verify the skill does not attempt to read other env vars or config files at runtime (the visible code reads only these two).
Persistence & Privilege
The skill does not request always:true and does not appear to modify other skills or global agent settings automatically. README shows a manual step to add env to ~/.openclaw/openclaw.json, which is a normal installation option but should be done consciously by the user.
What to consider before installing
This skill mostly does what it says (talks to open.feishu.cn to manage tasks), but the registry metadata failing to declare required Feishu credentials is a red flag. Before installing: 1) Confirm the full scripts/task_client.py file (the provided snippet was truncated) and review it end-to-end for any hidden network calls or uploads. 2) Verify the GitHub repo/author (README links to https://github.com/youyoude/feishu-task) and check commit history. 3) Only provide FEISHU_APP_ID / FEISHU_APP_SECRET for an app you control and with the minimum required permissions (task:task:write and task:task:readonly). 4) Prefer setting app credentials scoped to a test account/org rather than using broad tenant credentials. 5) If you cannot review the full code or the registry metadata is not fixed to declare the required env vars, treat installation as higher risk and do not install in production environments.Like a lobster shell, security has layers — review code before you run it.
latestvk97fm7qa5w8ktg514f3egkdfw582atxy
License
MIT-0
Free to use, modify, and redistribute. No attribution required.