← Back to Skills Marketplace

Storage Manager

Name: Storage Manager
Author: ruoruochen

by ruoruochen · GitHub ↗ · v1.0.1 · MIT-0

cross-platform ⚠ suspicious

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install storage-manager

Description

飞书收纳管家完整版 - 智能位置匹配 + 位置图片管理 + 一键入库

Usage Guidance

What to consider before installing: - Do not rely on the code's defaults. The package includes hard-coded Feishu credentials/tokens in several Python files; if you don't supply your own FEISHU_* environment variables, images and records will be uploaded to the account tied to those defaults. Treat that as potential data exfiltration. - Recommended immediate steps before use: 1) Inspect the code files (final_integrated.py, complete_system.py, location_image_manager.py, etc.) and remove or replace any hard-coded FEISHU_APP_ID / FEISHU_APP_SECRET / FEISHU_BITABLE_TOKEN / FEISHU_TABLE_ID values. Ensure they are not present in the deployed copy. 2) Provide your own Feishu credentials via environment variables (FEISHU_APP_ID, FEISHU_APP_SECRET, FEISHU_BITABLE_TOKEN, FEISHU_TABLE_ID) and verify the code reads them (it does, but defaults exist). Test with throwaway data first. 3) If you do not control the Feishu app the code would use (i.e., you don't know the owner of the hard-coded credentials), do not run the skill with real/personal images or sensitive data. 4) Consider running the tool in an isolated environment (container/VM) and monitor network calls (to confirm they go to your configured app and not elsewhere). 5) If you will install via the provided install.sh, review the script and remove or modify the symlink creation step if you prefer not to alter ~/.local/bin automatically. - If you are not comfortable auditing or editing the code, avoid installing this skill or request a version from the author that does not contain embedded secrets and that properly declares required environment variables in its metadata.

Capability Analysis

Type: OpenClaw Skill Name: storage-manager Version: 1.0.1 The skill bundle contains hardcoded sensitive credentials, specifically a Feishu App Secret ('HHEZEDoNZwfNdoediXiGSbaRFKDmpB71') and Bitable tokens, across multiple files including complete_system.py, final_integrated.py, and storage_manager_final.py. While these appear to be default or test credentials for a specific Feishu Bitable instance, hardcoding secrets is a critical security vulnerability. Furthermore, the SKILL.md instructions explicitly direct the AI agent to operate 'without user confirmation' for its smart matching logic, which increases the risk of unintended data modification.

Capability Tags

requires-oauth-token

Capability Assessment

⚠ Purpose & Capability

Name/description, SKILL.md, and code all match: this is a Feishu Bitable + image upload storage manager, so network access to open.feishu.cn and image upload capabilities are expected. However the registry metadata did not declare the FEISHU_* environment variables even though SKILL.md and the code require them. That mismatch (metadata says no required env vars; documentation and code require credentials) is a coherence problem and surprising for a skill that integrates with an external service.

⚠ Instruction Scope

SKILL.md instructs the agent/user to set FEISHU_APP_ID, FEISHU_APP_SECRET, FEISHU_BITABLE_TOKEN, FEISHU_TABLE_ID and to run CLI commands. The runtime code uploads files and creates records via Feishu APIs (open.feishu.cn). The instructions do not ask for unrelated system data, but the code will accept image files from disk and upload them to Feishu — expected for purpose. The concern is that the runtime will proceed using built-in defaults (hard-coded credentials) if you don't set env vars, causing data to be sent to a third-party account without explicit notice.

ℹ Install Mechanism

There is no platform install spec (instruction-only), which is lower risk. An included install.sh exists and will install requests (pip3), chmod files, and create a symlink under ~/.local/bin/storage-manager — standard for a CLI tool. No remote downloads or archive extraction from untrusted URLs were seen. Install script writes into the user home (~/.local/bin) which is typical for user-level CLI installs.

⚠ Credentials

The skill logically needs Feishu credentials, and SKILL.md documents FEISHU_APP_ID/FEISHU_APP_SECRET/FEISHU_BITABLE_TOKEN/FEISHU_TABLE_ID. But the skill metadata did not declare these as required. Worse, multiple code files (e.g., final_integrated.py, complete_system.py, location_image_manager.py) include default hard-coded values for app_id, app_secret, bitable_token and table_id. Those embedded secrets are disproportionate and risky: if you don't override them, your uploads/records will go to the account tied to those defaults.

✓ Persistence & Privilege

The skill is not force-enabled (always:false) and does not request system-wide privileges. The install script creates a user-level symlink and example .env file — typical for CLI tools. The skill does not modify other skills' configurations or require platform-level persistence beyond a user-installed CLI.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install storage-manager
After installation, invoke the skill by name or use /storage-manager
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.1

**v1.0.1 – Major "Complete Edition" Release** - Introduced smart location matching: system auto-matches input positions (~75%+ similarity) to existing locations. - Added position image management: each storage location now supports and encourages a visual/photo label. - Expanded CLI with new commands (e.g., add-location-photo) and a more intelligent interface. - Enhanced documentation: detailed usage guides, architecture overview, and FAQ in SKILL.md. - Added multiple new core modules, including smart matching and photo management. - Improved storage logic: items now reference both their own image and the location’s visual tag for quick recognition.

v1.0.0

Initial release of Storage Manager – 飞书多维表格收纳管家: - Adds tool for recording items and storage locations, with optional image support. - Enables searching for stored items and retrieving their location and image link. - Allows updating the storage location of an existing item. - Integrates with 飞书多维表格 via open APIs. - Provides CLI usage examples and clear setup guidance for environment variables and 飞书 app permissions.

Metadata

Slug storage-manager

Version 1.0.1

License MIT-0

All-time Installs 1

Active Installs 1

Total Versions 2

Frequently Asked Questions

What is Storage Manager?

飞书收纳管家完整版 - 智能位置匹配 + 位置图片管理 + 一键入库. It is an AI Agent Skill for Claude Code / OpenClaw, with 74 downloads so far.

How do I install Storage Manager?

Run "/install storage-manager" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Storage Manager free?

Yes, Storage Manager is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Storage Manager support?

Storage Manager is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Storage Manager?

It is built and maintained by ruoruochen (@ruoruochen); the current version is v1.0.1.

More Skills