feishu-doc-editor

Pass

Audited by VirusTotal on May 12, 2026.

Findings (1)

The skill bundle provides extensive instructions and `bash` examples for interacting with the Feishu OpenAPI, including obtaining access tokens, reading, writing, updating, and deleting document content. While the stated purpose is legitimate, the numerous `curl` and shell script examples (e.g., in `references/api-guide.md`, `references/common-errors.md`) introduce a significant risk of shell injection if the OpenClaw agent does not rigorously sanitize user-provided inputs before executing these commands. Additionally, the `log_error` function in `references/common-errors.md` performs file write operations to `/tmp/feishu_api_errors.log`, which, while intended for debugging, represents a capability that could be misused if parameters were controllable. These capabilities, though plausibly needed for the skill's function, elevate the classification to suspicious due to the potential for exploitation in an AI agent execution environment.