← 返回 Skills 市场

Feishu Evolver Wrapper (Fixed)

Name: Feishu Evolver Wrapper (Fixed)
Author: foras910521-lab

作者 foras910521-lab · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

总下载

当前安装

版本数

在 OpenClaw 中安装

/install feishu-evolver-wrapper-ganyu

功能描述

Feishu-integrated wrapper for the capability-evolver. Manages the evolution loop lifecycle (start/stop/ensure), sends rich Feishu card reports, and provides...

使用说明 (SKILL.md)

Feishu Evolver Wrapper

A lightweight wrapper for the capability-evolver skill. It injects the Feishu reporting environment variables (EVOLVE_REPORT_TOOL) to enable rich card reporting in the Master's environment.

Usage

# Run the evolution loop
node skills/feishu-evolver-wrapper/index.js

# Generate Evolution Dashboard (Markdown)
node skills/feishu-evolver-wrapper/visualize_dashboard.js

# Lifecycle Management (Start/Stop/Status/Ensure)
node skills/feishu-evolver-wrapper/lifecycle.js status

Architecture

Evolution Loop: Runs the GEP evolution cycle with Feishu reporting.
Dashboard: Visualizing metrics and history from assets/gep/events.jsonl.
Export History: Exports raw history to Feishu Docs.
Watchdog: Managed via OpenClaw Cron job evolver_watchdog_robust (runs lifecycle.js ensure every 10 min).
- Replaces fragile system crontab logic.
- Ensures the loop restarts if it crashes or hangs.

安全使用建议

This skill contains substantial Node.js code (daemon/watchdog, filesystem and process manipulation, Feishu API callers) but the registry entry claims no required env vars and the SKILL.md lists only simple run commands. Before installing or running: 1) Review all code (especially index.js, lifecycle.js, report.js, export_history.js, issue_tracker.js) and confirm you are comfortable with it accessing your OpenClaw workspace, memory/, logs/, and assets/ files. 2) Do not provide Feishu tokens (FEISHU_APP_ID/FEISHU_APP_SECRET or FEISHU_EVOLVER_DOC_TOKEN) or OpenClaw credentials unless you trust the source; the code will read token files and call Feishu APIs. 3) Expect the skill to spawn background processes and write pid/log files; run it in an isolated/sandboxed environment or container if you want to limit host impact. 4) If you need to use it, minimize secrets given to it and prefer read-only tokens where possible; consider creating a dedicated Feishu app/account scoped only to reporting. 5) The package uses local paths and a local "evolver" dependency — ensure those paths match your setup or the code will try to access unexpected filesystem locations. Finally, because the metadata omitted required env variables and the code exercises system-level actions, treat this skill as higher-risk unless you can fully audit and sandbox it.

功能分析

Type: OpenClaw Skill Name: feishu-evolver-wrapper-ganyu Version: 1.0.0 This bundle is a highly privileged lifecycle manager for an autonomous AI 'evolution' loop, integrating with Feishu for reporting and dashboarding. It exhibits several high-risk behaviors, including automated Git synchronization (add/commit/push), persistence via OpenClaw cron jobs and background daemons (lifecycle.js), and the ability to monitor and 'auto-heal' other skills (skills_monitor.js). A critical security risk is present in index.js, which uses a 'new Function' constructor to evaluate potentially untrusted, LLM-generated JSON payloads. While the bundle includes defensive features like a secret scanner (feishu-helper.js) to prevent credential leakage and circuit breakers to stop failing loops, the combination of broad shell execution and autonomous code modification capabilities warrants a suspicious classification.

能力评估

ℹ Purpose & Capability

The name/description (Feishu wrapper for capability-evolver) matches the code's purpose: lifecycle management, reporting, dashboarding. However the bundle contains many implementation details (process management, cron/watchdog, file cleanup, daemon spawning, pid manipulation, calls into local 'evolver' package) that go beyond a minimal 'reporting wrapper'. Some hard-coded default paths (/Users/foras/.openclaw/...) and a local package dependency ("evolver": "file:../evolver") indicate this was written for a specific environment and will attempt to access the host workspace.

⚠ Instruction Scope

SKILL.md shows only three simple node commands, but the included code (index.js, lifecycle.js, daemon.sh, report.js, export_history.js, issue_tracker.js, etc.) performs broad actions: reading/writing many workspace files (memory, logs, assets/gep/events.jsonl), deleting old logs, reading token files (memory/feishu_token.json), spawning/killing processes, exec/execSync/spawn child processes, scanning /proc on Linux, and invoking other local scripts. The runtime instructions do not enumerate these behaviors or the many environment variables and files the code uses.

ℹ Install Mechanism

No external install spec or remote downloads are present (instruction-only install), which reduces supply-chain risk. However package.json declares a local dependency (file:../evolver) and many code files assume a local OpenClaw workspace layout. There is no network-based installer, but the skill will write files and spawn daemons on the host when run.

⚠ Credentials

Registry metadata declared no required env vars or primary credential, but the code references and expects many environment values and secrets (e.g., FEISHU_APP_ID, FEISHU_APP_SECRET, FEISHU_EVOLVER_DOC_TOKEN, OPENCLAW_MASTER_ID, various FEISHU_* and OPENCLAW_* vars). The code also reads token files from the workspace (memory/feishu_token.json) — this is sensitive and not declared. The set of env vars and file accesses is broader than what the SKILL.md or registry metadata indicate.

ℹ Persistence & Privilege

The skill does not request always:true, and it is user-invocable only. Nonetheless it spawns persistent processes/daemons, writes pid files, can kill other processes, and manages cron/watchdog logic via the OpenClaw CLI. Those privileges are plausible for a lifecycle wrapper, but because they enable long-running background activity and process control, they increase the blast radius if combined with undisclosed credentials or autonomous invocation.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install feishu-evolver-wrapper-ganyu
安装完成后，直接呼叫该 Skill 的名称或使用 /feishu-evolver-wrapper-ganyu 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

修复：使用 config.resolveEvolverCore() 替代 possibleDirs 猜测，添加 config.js 集中路径配置

元数据

Slug feishu-evolver-wrapper-ganyu

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题