clawbox-link-to-docs
v1.0.0
Turn a user-shared web link into two Feishu docs: (1) full original text archive with minimal loss and clear source metadata, and (2) structured analysis sum...
MIT-0
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's stated purpose is to create two Feishu docs from a web link, but the package declares no Feishu credential, API endpoint, or connector. Creating/updating Feishu documents normally requires a token or platform connector; the absence of any declared auth/credentials is incoherent with the claimed capability.
Instruction Scope
SKILL.md instructs the agent to fetch web content, use alternative extraction paths (including a browser or manual capture), preserve original language/structure, and write/read back docs. These steps are scoped to the stated purpose, but are vague about how extraction and browser capture should be performed and about where auth for Feishu comes from. The instructions do not direct the agent to read unrelated local files or to exfiltrate data to third parties.
Install Mechanism
There is no install spec (instruction-only), which minimizes on-disk risk. However, because extraction may require a headless browser or other tooling, the skill's lack of install instructions leaves a capability gap (not a direct install risk).
Credentials
No environment variables, tokens, or config paths are declared even though the skill clearly needs Feishu access and possibly browser tooling. Either the platform provides a Feishu connector implicitly (not documented here) or the skill omits required credentials—this mismatch is a proportionality and transparency concern.
Persistence & Privilege
The skill does not request always:true and does not declare persistent system changes. It appears not to request elevated or persistent privileges in its metadata.
Scan Findings in Context
[no_code_files] expected: The scanner found no code files (skill is instruction-only). This is common for skills that rely on the agent runtime and external connectors, but absence of code does not guarantee safety or clarify how external services (Feishu, browser) will be accessed.
What to consider before installing
This skill says it will fetch an article and create two Feishu docs, but it does not declare how it will authenticate to Feishu or what tooling it will use to extract content. Before installing or enabling it:
(1) Verify how your agent/runtime will provide Feishu access — is there a platform connector or will you need to supply a Feishu API token? If a token is required, confirm what scopes are needed and limit them to only create/update docs.
(2) Ask the skill author (or your platform) for details on the extraction method: does it use a headless browser, external scraping service, or simple HTML parsing? Understand any network endpoints involved.
(3) Test the skill only with non-sensitive public URLs first and review the created docs and logs.
(4) If you cannot confirm where Feishu credentials come from, treat the skill as untrusted until the auth path is documented or required env vars are declared.
Like a lobster shell, security has layers — review code before you run it.
latest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
SKILL.md
ClawBox Link to Docs
Execute this workflow when the user sends a URL and expects both a source doc and an analysis doc.
Workflow
- Fetch source content
  - Try readable extraction from the URL.
  - If the request is redirected or only homepage content is returned, switch to an alternative extraction path (browser or manual source capture) before proceeding.
  - Preserve original language and paragraph order.
- Create or update two Feishu docs
  - Doc A: [Source] <title>
  - Doc B: [Analysis] <title>
- Write Source doc (complete first)
  - Include source URL and capture time.
  - Write full original text with paragraph breaks.
  - Do not replace with a short summary.
  - If extraction is partial, label clearly: Partial Capture plus missing scope note.
- Write Analysis doc (structured)
  - Use the template in references/analysis-template.md.
  - Keep concise and decision-oriented.
- Quality gates (required)
  - Read back both docs after write.
  - Source doc fails if it is one line, too short, or clearly summary-like.
  - If fail, rewrite once with better segmentation/chunking.
- Report back to user
  - Return two doc links.
  - State completion status: Full Capture or Partial Capture.
Non-negotiables
- Default output is always two docs for a link task.
- Source doc priority is fidelity over formatting.
- Never claim full if content is truncated or fallback source is incomplete.
Files
3 total
