← Back to Skills Marketplace

Sql To Doc

Name: Sql To Doc
Author: runkecheng

by runkecheng · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

101

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install sql-to-doc

Description

执行SQL查询并将结果按照指定模板整理后写入飞书云文档。适用于数据周报、数据汇总、统计报告等场景。

Usage Guidance

This skill looks plausible for automating DataWorks→Feishu reports, but there are inconsistencies you should resolve before installing or granting credentials: - Ask the publisher why no Feishu credentials are declared. Creating Feishu docs and sending IMs normally requires Feishu app tokens (APP_ID/APP_SECRET or API token). Do not provide broad Feishu or platform tokens until you confirm exact required scopes. - Confirm what META_CENTER_TOKEN grants. Limit tokens to least privilege (only access to the specific DataWorks project and read-only SQL execution if possible). - Request details about the 'feishu_create_doc' and 'feishu_im_user_message' helpers: are they platform-provided, audited internal actions, or custom scripts? Prefer well-known, documented integration points. - Because the skill uses exec to call DataWorks OpenAPI, test it first in a safe environment (non-production project) to confirm it only runs intended queries. - Prefer a published source or homepage and a verifiable owner. The package has unknown source — that raises supply-chain risk. If the publisher provides the missing credential requirements, limited-scope tokens, and a clear explanation of the helper tools, the skill would be more coherent. Until then treat it with caution and avoid exposing high-privilege credentials.

Capability Analysis

Type: OpenClaw Skill Name: sql-to-doc Version: 1.0.0 The sql-to-doc skill (SKILL.md) enables arbitrary SQL execution on MaxCompute and Jinja2 template rendering to automate Feishu document creation. These are high-risk capabilities that introduce potential for SQL injection and Server-Side Template Injection (SSTI), though they appear aligned with the stated purpose. No evidence of intentional malice, unauthorized data exfiltration, or prompt injection was found.

Capability Assessment

⚠ Purpose & Capability

The skill claims to create Feishu cloud documents and send Feishu IM notifications, but requires only META_CENTER_TOKEN and DATAWORKS_PROJECT. There is no declared Feishu credential (e.g., FEISHU_TOKEN, APP_ID/APP_SECRET) even though the instructions call feishu_create_doc and feishu_im_user_message. This is an incoherence: creating documents in Feishu normally requires Feishu auth.

⚠ Instruction Scope

SKILL.md instructs the agent to execute SQL via DataWorks OpenAPI (via exec), transform results into Python objects, render Jinja2 templates, and call Feishu creation/notification tools. The instructions assume availability of Jinja2 and of feishu_* helper actions. They do not reference or limit what 'exec' will run, which grants broad discretion to run arbitrary commands against DataWorks OpenAPI — expected for the task but worth noting. The instructions do not ask to read unrelated system files, but they rely on implicit runtime tools and credentials that are not declared.

✓ Install Mechanism

No install spec and no code files (instruction-only). This reduces the risk of arbitrary code being written to disk. No third-party packages are being fetched by the skill itself.

⚠ Credentials

Only META_CENTER_TOKEN and DATAWORKS_PROJECT are declared. For full functionality, additional credentials (Feishu app token/credentials, or other DataWorks auth) are typically required. META_CENTER_TOKEN's scope is unspecified — it could grant wide access beyond what's needed. The minimal declared envs do not justify the Feishu operations described, creating a proportionality mismatch.

✓ Persistence & Privilege

always is false and there is no install step that writes persistent files or modifies other skills. The skill can be invoked autonomously by the agent (default), which is normal; this is not combined with 'always: true' or other elevated persistence requests.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install sql-to-doc
After installation, invoke the skill by name or use /sql-to-doc
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

- 首次发布：提供“SQL查询→模板整理→飞书文档写入”完整流程自动化。 - 支持连接 MaxCompute/DataWorks 执行 SQL 并用 Jinja2 模板整理结果。 - 可将整理后的数据自动写入飞书知识库或云空间，并返回文档链接。 - 支持全流程参数配置，包括 SQL、模板、文档标题、目标位置及通知对象。 - 适用于周报自动生成、数据汇总统计、一次性报告等多种场景。

Metadata

Slug sql-to-doc

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Sql To Doc?

执行SQL查询并将结果按照指定模板整理后写入飞书云文档。适用于数据周报、数据汇总、统计报告等场景。 It is an AI Agent Skill for Claude Code / OpenClaw, with 101 downloads so far.

How do I install Sql To Doc?

Run "/install sql-to-doc" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Sql To Doc free?

Yes, Sql To Doc is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Sql To Doc support?

Sql To Doc is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Sql To Doc?

It is built and maintained by runkecheng (@runkecheng); the current version is v1.0.0.

More Skills