Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

feishu-doc-editor

v1.0.0

Feishu document creation and editing operations using OpenAPI. Activate when user needs to create, edit, or read Feishu documents programmatically.

by token@zhuligu
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
OpenClaw
Suspicious
high confidence
Purpose & Capability
The name and description (Feishu document create/edit via OpenAPI) match the included SKILL.md and reference docs. However, the skill metadata declares no required environment variables or primary credential even though every runtime example requires an app_id/app_secret (to obtain a tenant_access_token) or an existing tenant_access_token. That missing declaration is an incoherence: a Feishu API integration legitimately needs credentials, but the skill metadata does not request them.
Instruction Scope
SKILL.md and the reference files contain concrete, scoped instructions for obtaining a tenant_access_token, calling Feishu doc APIs (create/read/update/delete blocks), and configuring app/document permissions. The instructions do not direct the agent to read unrelated system files or call external endpoints beyond open.feishu.cn. However, examples and debug snippets write logs (e.g., /tmp/feishu_api_errors.log) and show printing token values — these examples could lead to accidental secret exposure if adopted as-is.
Install Mechanism
Instruction-only skill with no install spec and no code files to be executed or downloaded. This minimizes install-time risk.
Credentials
The skill requires sensitive credentials at runtime (app_id/app_secret or a tenant_access_token) but the registry metadata lists no required env vars or primary credential. The reference scripts use variables like APP_ID, APP_SECRET, TOKEN and suggest storing/printing them. Absence of declared credential requirements is disproportionate and misleading; users need to know what secrets they must supply and how the skill will handle them.
Persistence & Privilege
The always flag is false, there are no install actions, and the skill does not request persistent system privileges or change other skills' configurations. There is no evidence that it attempts to persist itself or gain elevated privileges.
What to consider before installing
This skill appears to be a legitimate Feishu doc API guide, but its metadata omits the fact that you must supply app credentials. Before installing or using it: (1) expect to provide sensitive values (app_id/app_secret) or a tenant_access_token — do not paste these into public chats; (2) review any scripts you run so they don't print or log full tokens (examples log to /tmp and echo tokens); (3) follow least-privilege: create an app with only the required doc permissions and limit its scope; (4) prefer generating a tenant_access_token at runtime (short-lived) and avoid storing permanent secrets in plaintext; (5) if you need offline/manual verification, confirm how the agent will accept credentials (environment variables, direct input, or other) — the skill metadata should be updated to declare required env vars before you rely on it.


