← Back to Skills Marketplace
abigale-cyber

Feishu User Auth

by Abigale-cyber · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
86
Downloads
0
Stars
2
Active Installs
1
Versions
Install in OpenClaw
/install feishu-user-auth
Description
Complete one-time Feishu browser authorization and cache a local `user_access_token` so later `feishu-bitable-sync` runs can write Bitable rows as the curren...
README (SKILL.md)

feishu-user-auth

在当前租户下,如果 tenant_access_token 不能稳定写多维表,先运行这个 skill。

它会:

  • 打开浏览器进入飞书授权页
  • 通过本地回调地址接收授权码
  • 换取 user_access_token + refresh_token
  • 缓存在本机 ~/.codex/feishu-auth/content-system-sync.json

运行前请确认:

  • 已配置 FEISHU_APP_ID
  • 已配置 FEISHU_APP_SECRET
  • 飞书应用已开通网页应用能力
  • 飞书应用回调地址已包含 http://127.0.0.1:14578/callback

输出:

  • content-production/published/YYYYMMDD-feishu-user-auth.md

授权成功后,再运行 feishu-bitable-sync 即可按用户身份写多维表。

Usage Guidance
This skill appears to do exactly what it says (perform Feishu OAuth in a browser and cache a user token), but there are a few things you should verify before installing: - Provide FEISHU_APP_ID and FEISHU_APP_SECRET: SKILL.md/README require these, but the registry metadata doesn't declare them — ensure you only set credentials you trust to this skill and that you understand which app is being authorized. - Inspect skill_runtime.feishu_auth: runtime.py delegates OAuth work to skill_runtime.feishu_auth (not included here). Review that module's code (network endpoints it calls, where it stores tokens, and whether it transmits tokens anywhere) before running the skill. - Confirm callback behavior and local server: the skill opens your browser and listens on 127.0.0.1:14578/callback. Ensure that port is acceptable in your environment and that nothing else sensitive will be exposed. - Confirm token storage location: tokens are cached under ~/.codex/feishu-auth/content-system-sync.json. If you have policies about where credentials may be stored, verify or change this path. - Dependency handling: README mentions a requirements.txt; the package doesn't include dependencies. Make sure the runtime environment provides the expected dependencies or install them from trusted sources. If you can't review skill_runtime.feishu_auth or confirm the app credentials and storage behavior, do not install or run the skill. If you do proceed, run it in a controlled environment and monitor network traffic during the authorization to ensure tokens are not sent to unexpected endpoints.
Capability Analysis
Type: OpenClaw Skill Name: feishu-user-auth Version: 1.0.0 The skill implements a standard OAuth2 authorization flow for Feishu, allowing an agent to obtain and cache user tokens locally. It uses a local loopback address (127.0.0.1:14578) for the authorization callback and stores credentials in a local directory (~/.codex/feishu-auth/), which is standard behavior for CLI-based authentication tools. The code in runtime.py and instructions in SKILL.md are consistent with the stated purpose and do not exhibit signs of data exfiltration, malicious execution, or prompt injection.
Capability Tags
requires-oauth-token
Capability Assessment
Purpose & Capability
The skill's stated purpose (browser-based Feishu OAuth to obtain and cache a user_access_token) matches the runtime code and README. However, the registry metadata claims 'Required env vars: none' while SKILL.md and README explicitly require FEISHU_APP_ID and FEISHU_APP_SECRET — this mismatch is unexplained and should be corrected. The skill also imports functions from skill_runtime.feishu_auth (not included in this package), which is expected for OAuth behavior but increases reliance on external runtime code.
Instruction Scope
SKILL.md and runtime.py only describe actions consistent with the stated purpose: opening a browser, running a local callback server (http://127.0.0.1:14578/callback), exchanging an authorization code for user tokens, and caching them under ~/.codex/feishu-auth/content-system-sync.json. The code reads an input markdown for an optional timeout value and writes a manifest to content-production/published — these are within scope.
Install Mechanism
There is no install spec (instruction-only install), which is lower risk, but the README references a requirements.txt and a separate feishu_auth.py under a runtime library path. The skill bundle does not include that feishu_auth implementation or dependency list, so behavior depends on the agent runtime's library (skill_runtime.feishu_auth). You should confirm that the runtime-provided feishu_auth implementation is trustworthy.
Credentials
The skill requires FEISHU_APP_ID and FEISHU_APP_SECRET to function (per README and SKILL.md) but the registry metadata fails to declare any required environment variables. This omission is a red flag because it hides the need for app credentials. The token cache is stored locally (~/.codex/feishu-auth/...), which is proportionate for the stated purpose, but you should verify that cached tokens are only written locally and not transmitted elsewhere by the runtime library.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and only writes to its own cache and an output manifest in the workspace. Running a local callback server and opening a browser are normal for OAuth flows and are explicitly documented.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install feishu-user-auth
  3. After installation, invoke the skill by name or use /feishu-user-auth
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Sync latest content-system skill docs and runtime implementation
Metadata
Slug feishu-user-auth
Version 1.0.0
License MIT-0
All-time Installs 2
Active Installs 2
Total Versions 1
Frequently Asked Questions

What is Feishu User Auth?

Complete one-time Feishu browser authorization and cache a local `user_access_token` so later `feishu-bitable-sync` runs can write Bitable rows as the curren... It is an AI Agent Skill for Claude Code / OpenClaw, with 86 downloads so far.

How do I install Feishu User Auth?

Run "/install feishu-user-auth" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Feishu User Auth free?

Yes, Feishu User Auth is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Feishu User Auth support?

Feishu User Auth is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Feishu User Auth?

It is built and maintained by Abigale-cyber (@abigale-cyber); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments