← 返回 Skills 市场
owrig

feishu-task-management-skill

作者 @_@ · GitHub ↗ · v0.0.1 · MIT-0
cross-platform ⚠ suspicious
297
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install feishu-task-management-skill
功能描述
Manage Feishu tasks through a local Python toolkit that always has app credentials and can optionally act as a user for task APIs when OAuth user tokens are...
使用说明 (SKILL.md)

Feishu Task Management

Overview

Use this skill to operate Feishu Task through the companion toolkit in feishu-task-management/toolkit/. Keep the core workflow in this file: decide the command, resolve members locally, and apply the write-safety rules without loading extra references unless the request falls into an edge case.

Core Workflow

  1. Confirm the request is about Feishu task management through the local toolkit.
  2. Before the first API-backed operation, make sure the toolkit is configured. If not, use: python3 feishu-task-management/toolkit/scripts/feishu_config.py guide
  3. Treat app credentials as mandatory base config. Prefer the configured user_access_token for task APIs when available, but keep contact and member-sync operations on app auth.
  4. If the operation involves people, use the local member table through the toolkit. Do not perform ad hoc contact lookups.
  5. Choose the narrowest task command available instead of composing generic HTTP requests.
  6. For destructive or state-changing operations, inspect the current task first when practical.
  7. Stop if member resolution is ambiguous or missing.

Command Routing

Member Table Maintenance

  • Sync the authorized contact scope: python3 feishu-task-management/toolkit/scripts/feishu_members.py sync
  • Inspect sync state: python3 feishu-task-management/toolkit/scripts/feishu_members.py stats
  • Test a member lookup: python3 feishu-task-management/toolkit/scripts/feishu_members.py resolve --query "张三"
  • Validate manual aliases: python3 feishu-task-management/toolkit/scripts/feishu_members.py validate-aliases

Toolkit Configuration

  • Show configuration guidance: python3 feishu-task-management/toolkit/scripts/feishu_config.py guide
  • Write a local runtime config: python3 feishu-task-management/toolkit/scripts/feishu_config.py set --app-id ... --app-secret ...
  • Extend the config with existing user OAuth tokens: python3 feishu-task-management/toolkit/scripts/feishu_config.py set --app-id ... --app-secret ... --user-access-token ...
  • Inspect effective config: python3 feishu-task-management/toolkit/scripts/feishu_config.py show
  • Validate current config: python3 feishu-task-management/toolkit/scripts/feishu_config.py validate

Read Operations

  • Get one task: python3 feishu-task-management/toolkit/scripts/feishu_task.py get --task-guid ...
  • List tasks: python3 feishu-task-management/toolkit/scripts/feishu_task.py list

Write Operations

  • Create a task: python3 feishu-task-management/toolkit/scripts/feishu_task.py create --summary ...
  • Update core fields: python3 feishu-task-management/toolkit/scripts/feishu_task.py update --task-guid ...
  • Complete a task: python3 feishu-task-management/toolkit/scripts/feishu_task.py complete --task-guid ...
  • Reopen a task: python3 feishu-task-management/toolkit/scripts/feishu_task.py reopen --task-guid ...
  • Add members: python3 feishu-task-management/toolkit/scripts/feishu_task.py add-members --task-guid ... --member ...
  • Remove members: python3 feishu-task-management/toolkit/scripts/feishu_task.py remove-members --task-guid ... --member ...
  • Delete a task: python3 feishu-task-management/toolkit/scripts/feishu_task.py delete --task-guid ... --yes

Member Resolution

Use local resolution only, in this order:

  1. Explicit identifiers: open_id, user_id, email, mobile
  2. Manual alias mapping from feishu-task-management/toolkit/data/member_aliases.json
  3. Exact canonical matches on name, en_name, nickname, and email
  4. Limited fuzzy matching

Apply these safety rules:

  • Zero matches: stop and report that the member table or aliases need updating.
  • One match: proceed.
  • Multiple matches: stop and return the candidate list.

If the authorized scope only yields identifier fields without profile fields, natural-language matching depends on manual aliases. This does not change when task APIs later use a user token.

Write Safety Rules

  • Use the toolkit instead of constructing raw HTTP requests in the skill body.
  • Prefer dedicated commands over generic update payloads when a command exists.
  • Use dedicated completion commands instead of editing completed_at directly.
  • Treat origin as create-only.
  • Clear start and due explicitly instead of relying on omission.
  • Require explicit confirmation before deletion.

Supported v1 Scope

  • Create task
  • Get task
  • List tasks
  • Update summary, description, start, and due
  • Delete task
  • Complete task
  • Reopen task
  • Add members
  • Remove members

The following are intentionally out of scope for v1:

  • reminders
  • tasklists
  • dependencies
  • repeat rules
  • custom complete
  • attachments

Conditional References

Load extra context only when the request falls off the main path:

  • Read member-sync-troubleshooting.md only when member sync, alias validation, or authorized-scope coverage is the problem.
  • Read task-edge-cases.md only when handling time-field clearing, origin, completion semantics, or deferred task features.
  • Read permission-errors.md only when a task operation fails with permission-related behavior such as 1470403.
  • Read api-alignment.md only when changing toolkit payloads or aligning CLI defaults to newer Feishu API samples.
安全使用建议
What to consider before installing: - Do not assume the skill is harmless because it’s 'instruction-only' — this bundle includes code and a runtime.json file containing an app_id, app_secret, and a user_access_token. Those are effectively credentials that let the skill call Feishu APIs immediately. - The registry metadata incorrectly reports no required credentials, but the toolkit requires FEISHU_APP_ID and FEISHU_APP_SECRET (or a runtime.json). That mismatch is a red flag: verify who provided the embedded credentials and whether you trust them. - Actions you can take before installing: inspect toolkit/config/runtime.json yourself; if you plan to use the toolkit, delete or replace the bundled runtime.json and configure your own app credentials (prefer environment variables). Do not use the embedded app_secret or user token. Rotate any credentials if they are yours and were committed here by mistake. - If you must test the skill, run it in an isolated environment (sandbox or container) and avoid exposing real production credentials. Consider removing or sanitizing toolkit/data/feishu_members.json if it contains real user identifiers. - The pre-scan flagged a possible base64 prompt-injection pattern in SKILL.md; review the file for any hidden or encoded content and remove it if found. - If you cannot verify the origin of the embedded credentials or if they belong to someone else, do not install/use the skill. Prefer a version of the toolkit that requires the user to provide credentials interactively or via environment variables.
功能分析
Type: OpenClaw Skill Name: feishu-task-management-skill Version: 0.0.1 The skill bundle contains hardcoded sensitive credentials and PII, which constitutes a significant security risk. Specifically, 'toolkit/config/runtime.json' includes a Feishu App ID, App Secret, and an OAuth User Access Token, while 'toolkit/data/feishu_members.json' contains real-looking names and identifiers for several individuals. Although the code logic appears legitimate and aligns with the stated purpose of managing Feishu tasks via the official API (open.feishu.cn), the inclusion of live secrets and synchronized member data in a distributed bundle is a critical vulnerability (credential leakage and data exposure).
能力评估
Purpose & Capability
Name/description and code align: this is a local Python toolkit for Feishu Task with appropriate endpoints and CLI scripts. However the registry metadata lists no required environment variables or primary credential even though the toolkit's AppConfig.load requires FEISHU_APP_ID and FEISHU_APP_SECRET (or a runtime.json). The included runtime.json contains apparent app_id, app_secret and a user_access_token, which the description implies but the metadata does not declare—this is an incoherence and a sensitive inclusion.
Instruction Scope
SKILL.md instructs the agent to run local scripts that read and write configuration and data files (runtime.json, member_aliases.json, feishu_members.json) and to prefer using configured tokens. Those file reads are reasonable for the stated purpose, but because the repository already contains runtime.json with credentials and member data, following the instructions can cause the agent to use or expose baked-in secrets and organization member info. The SKILL.md also includes a pre-scan prompt-injection signal (base64-block) that should be reviewed.
Install Mechanism
No install spec — instruction-only runtime and bundled Python scripts. Nothing is fetched from external URLs during install. The risk here is from included source and data files (credentials and member lists), not from third-party installers.
Credentials
The skill effectively requires app credentials and optionally user OAuth tokens to function, but the registry lists no required env vars or primary credential. The repo contains a runtime.json with an app_secret and a long user_access_token; bundling working credentials in the skill artifact is disproportionate and risky because it grants the skill immediate access to the Feishu APIs without asking the installer to supply their own credentials.
Persistence & Privilege
always:false and normal invocation settings are fine. However the bundled runtime.json provides persistent credentials inside the skill's files, enabling the skill to make authenticated API calls immediately and persistently from the local copy. This increases blast radius compared to a toolkit that required the user to supply credentials at runtime.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install feishu-task-management-skill
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /feishu-task-management-skill 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.0.1
Initial release of feishu-task-management-skill. - Provides Feishu Task management via a local Python toolkit with app credentials and optional user token support. - Supports creating, updating, completing, reopening, deleting tasks, and managing task members. - Resolves members using a locally synced member table and alias mapping—no ad hoc lookups. - Includes strict write-safety and command selection rules to avoid destructive or ambiguous operations. - Scope excludes reminders, tasklists, dependencies, repeat rules, custom complete, and attachments.
元数据
Slug feishu-task-management-skill
版本 0.0.1
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

feishu-task-management-skill 是什么?

Manage Feishu tasks through a local Python toolkit that always has app credentials and can optionally act as a user for task APIs when OAuth user tokens are... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 297 次。

如何安装 feishu-task-management-skill?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install feishu-task-management-skill」即可一键安装,无需额外配置。

feishu-task-management-skill 是免费的吗?

是的,feishu-task-management-skill 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

feishu-task-management-skill 支持哪些平台?

feishu-task-management-skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 feishu-task-management-skill?

由 @_@(@owrig)开发并维护,当前版本 v0.0.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论