Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Feishu Power Skill

v1.0.0

Deep-automation Skill for Feishu. Bitable batch operations, cross-table linked queries, templated document generation, retail operations audits, scheduled report dispatch. Trigger words: Feishu automation, bitable batch, multi-dimensional table, Feishu report, cross-table query, data snapshot, store audit, operations diagnosis, scheduled report, report scheduling.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The code and SKILL.md match the described purpose (Bitable automation, doc generation, retail audit, scheduler). However the registry metadata lists no required environment variables or primary credential, while the project clearly expects FEISHU_APP_ID and FEISHU_APP_SECRET (used by feishu_api.py and described in SKILL.md/README). This mismatch between declared metadata and actual needs is an incoherence worth flagging.
Instruction Scope
SKILL.md instructs the agent/user to set FEISHU_APP_ID/FEISHU_APP_SECRET and to run included scripts. The code does more than just read/write docs: report_generator can (via 'custom' jobs) run arbitrary local scripts (subprocess) and the scheduler writes a state file (.report_state.json) into the repository path. report_generator also temporarily injects placeholder FEISHU_* env vars to allow imports when creds are missing. These behaviors broaden the skill's runtime scope beyond simple API calls and could lead to unexpected local actions if enabled in a schedule.
Install Mechanism
There is no remote download/install-from-URL; install.sh only runs local checks and pip install requests pyyaml, and can create a symlink under ~/.openclaw/skills. No archives are fetched from unknown hosts by the installer itself (pip will contact PyPI). This is a low-to-moderate install risk but not unusual for Python projects.
Credentials
The skill requires Feishu application credentials (FEISHU_APP_ID, FEISHU_APP_SECRET) to operate, but the registry metadata declares no required env vars or primary credential. The code enforces those creds in feishu_api.get_token(). Requesting tenant-level Feishu credentials is proportionate to the stated integration, but the absence of that requirement in metadata is an inconsistency that could mislead users. Also note the code includes a built-in test table id and the ability to publish documents to the tenant — ensure the app permissions are scoped appropriately.
Persistence & Privilege
always:false (no forced global inclusion). The installer may create a symlink into ~/.openclaw/skills, and the scheduler writes a .report_state.json state file in the repo parent and may save generated reports to /tmp or configured local paths. Those are reasonable for a scheduler but users should be aware it will persist state and can link into their OpenClaw skills directory.
What to consider before installing
What to check before installing:

- Credentials: This skill needs FEISHU_APP_ID and FEISHU_APP_SECRET (feishu_api.py). The registry metadata does not declare those; do not assume none are needed. Create a Feishu app with the minimal permissions required and use those credentials, not high-privilege tenant keys if avoidable. Rotate the credentials after testing.
- Review schedule.yaml: The scheduler can execute arbitrary local scripts (custom jobs) and will run enabled jobs automatically when you run report_generator.py. If you enable scheduled jobs, verify each job's params (script path, publish flag, folder_token, app tokens) so it cannot run unexpected commands or publish sensitive data.
- Isolation: Run first in an isolated environment (non-production account or VM/container) and inspect outputs. The installer links into ~/.openclaw/skills, and report_generator creates .report_state.json and may write reports to disk; ensure those file locations are acceptable.
- Code audit: Because the repository contains all code, scan for any hidden endpoints or hardcoded secrets (none were found in this package), and confirm that publishing actions (docx create/write) target the intended Feishu tenant/folders.
- If you don't need scheduling or custom-script features, avoid enabling them (set jobs disabled) to reduce blast radius.

Given the coherent functionality but metadata omission and scheduler/script execution capability, treat this as potentially useful but verify credentials, permissions, and scheduled jobs before use.
