← 返回 Skills 市场
Feishu Doc
作者
autogame-17
· GitHub ↗
· v1.2.7
9143
总下载
8
收藏
293
当前安装
2
版本数
在 OpenClaw 中安装
/install feishu-doc
功能描述
Fetch content from Feishu (Lark) Wiki, Docs, Sheets, and Bitable. Automatically resolves Wiki URLs to real entities and converts content to Markdown.
安全使用建议
Install only if you intend to grant this skill write-capable Feishu credentials, not just read access. Review and preferably remove or isolate helper scripts for permission grants, IM file downloads, hard-coded Bitable setup, and bundled cache files; use least-privilege Feishu app scopes and avoid shared on-disk token storage where possible.
功能分析
Type: OpenClaw Skill
Name: feishu-doc
Version: 1.2.7
The skill is suspicious due to critical vulnerabilities in its authentication and file handling mechanisms. The `lib/auth.js` file loads environment variables from parent directories (e.g., `../../../.env`) and stores Feishu access tokens unencrypted in a shared cache file (`../../../memory/feishu_token.json`), posing a significant risk of credential exposure and token theft. Additionally, scripts like `append_simple.js` and `download_file.js` allow reading from and writing to arbitrary local file paths, which could be exploited by a compromised agent to access or modify sensitive system files. While the skill's core purpose of interacting with Feishu documents is benign, these vulnerabilities could enable malicious actions if exploited.
能力评估
Purpose & Capability
The main SKILL.md discloses read, create, write, append, and block operations, so write access is not fully hidden; however the registry/package/README framing is more read-oriented, while code also includes destructive overwrite/delete, edit-permission grants, IM file download, and hard-coded Bitable setup utilities beyond the stated document-fetching purpose.
Instruction Scope
Mutating actions are user-invoked rather than automatic, but overwrite deletes existing document children before inserting replacement content and append/create/share operations have no built-in confirmation, preview, dry-run, or target validation.
Install Mechanism
The package is a normal Node skill with no evident postinstall or automatic execution path; package metadata is inconsistent across files and the artifact includes cached Feishu outputs, but install itself does not appear to run code.
Credentials
Feishu network access and app credentials are expected, but auth reads parent-directory .env files, stores tenant tokens in a shared memory path, and helper scripts can write downloaded files to caller-supplied local paths.
Persistence & Privilege
The skill can persist changes in Feishu documents and Bitable tables, can grant edit access to a supplied user ID in create.js, and persists tenant access tokens on disk outside a skill-private cache.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install feishu-doc - 安装完成后,直接呼叫该 Skill 的名称或使用
/feishu-doc触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.2.7
Version 1.2.7 of feishu-doc
- No code or documentation changes detected in this release.
- All functionality and usage remain the same as the previous version.
v1.2.6
Re-publish after account restoration
元数据
常见问题
Feishu Doc 是什么?
Fetch content from Feishu (Lark) Wiki, Docs, Sheets, and Bitable. Automatically resolves Wiki URLs to real entities and converts content to Markdown. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 9143 次。
如何安装 Feishu Doc?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install feishu-doc」即可一键安装,无需额外配置。
Feishu Doc 是免费的吗?
是的,Feishu Doc 完全免费(开源免费),可自由下载、安装和使用。
Feishu Doc 支持哪些平台?
Feishu Doc 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Feishu Doc?
由 autogame-17(@autogame-17)开发并维护,当前版本 v1.2.7。
推荐 Skills