← 返回 Skills 市场
Feishu User Auth
作者
Abigale-cyber
· GitHub ↗
· v1.0.0
· MIT-0
86
总下载
0
收藏
2
当前安装
1
版本数
在 OpenClaw 中安装
/install feishu-user-auth
功能描述
Complete one-time Feishu browser authorization and cache a local `user_access_token` so later `feishu-bitable-sync` runs can write Bitable rows as the curren...
使用说明 (SKILL.md)
feishu-user-auth
在当前租户下,如果 tenant_access_token 不能稳定写多维表,先运行这个 skill。
它会:
- 打开浏览器进入飞书授权页
- 通过本地回调地址接收授权码
- 换取
user_access_token + refresh_token - 缓存在本机
~/.codex/feishu-auth/content-system-sync.json
运行前请确认:
- 已配置
FEISHU_APP_ID - 已配置
FEISHU_APP_SECRET - 飞书应用已开通网页应用能力
- 飞书应用回调地址已包含
http://127.0.0.1:14578/callback
输出:
content-production/published/YYYYMMDD-feishu-user-auth.md
授权成功后,再运行 feishu-bitable-sync 即可按用户身份写多维表。
安全使用建议
This skill appears to do exactly what it says (perform Feishu OAuth in a browser and cache a user token), but there are a few things you should verify before installing:
- Provide FEISHU_APP_ID and FEISHU_APP_SECRET: SKILL.md/README require these, but the registry metadata doesn't declare them — ensure you only set credentials you trust to this skill and that you understand which app is being authorized.
- Inspect skill_runtime.feishu_auth: runtime.py delegates OAuth work to skill_runtime.feishu_auth (not included here). Review that module's code (network endpoints it calls, where it stores tokens, and whether it transmits tokens anywhere) before running the skill.
- Confirm callback behavior and local server: the skill opens your browser and listens on 127.0.0.1:14578/callback. Ensure that port is acceptable in your environment and that nothing else sensitive will be exposed.
- Confirm token storage location: tokens are cached under ~/.codex/feishu-auth/content-system-sync.json. If you have policies about where credentials may be stored, verify or change this path.
- Dependency handling: README mentions a requirements.txt; the package doesn't include dependencies. Make sure the runtime environment provides the expected dependencies or install them from trusted sources.
If you can't review skill_runtime.feishu_auth or confirm the app credentials and storage behavior, do not install or run the skill. If you do proceed, run it in a controlled environment and monitor network traffic during the authorization to ensure tokens are not sent to unexpected endpoints.
功能分析
Type: OpenClaw Skill
Name: feishu-user-auth
Version: 1.0.0
The skill implements a standard OAuth2 authorization flow for Feishu, allowing an agent to obtain and cache user tokens locally. It uses a local loopback address (127.0.0.1:14578) for the authorization callback and stores credentials in a local directory (~/.codex/feishu-auth/), which is standard behavior for CLI-based authentication tools. The code in runtime.py and instructions in SKILL.md are consistent with the stated purpose and do not exhibit signs of data exfiltration, malicious execution, or prompt injection.
能力标签
能力评估
Purpose & Capability
The skill's stated purpose (browser-based Feishu OAuth to obtain and cache a user_access_token) matches the runtime code and README. However, the registry metadata claims 'Required env vars: none' while SKILL.md and README explicitly require FEISHU_APP_ID and FEISHU_APP_SECRET — this mismatch is unexplained and should be corrected. The skill also imports functions from skill_runtime.feishu_auth (not included in this package), which is expected for OAuth behavior but increases reliance on external runtime code.
Instruction Scope
SKILL.md and runtime.py only describe actions consistent with the stated purpose: opening a browser, running a local callback server (http://127.0.0.1:14578/callback), exchanging an authorization code for user tokens, and caching them under ~/.codex/feishu-auth/content-system-sync.json. The code reads an input markdown for an optional timeout value and writes a manifest to content-production/published — these are within scope.
Install Mechanism
There is no install spec (instruction-only install), which is lower risk, but the README references a requirements.txt and a separate feishu_auth.py under a runtime library path. The skill bundle does not include that feishu_auth implementation or dependency list, so behavior depends on the agent runtime's library (skill_runtime.feishu_auth). You should confirm that the runtime-provided feishu_auth implementation is trustworthy.
Credentials
The skill requires FEISHU_APP_ID and FEISHU_APP_SECRET to function (per README and SKILL.md) but the registry metadata fails to declare any required environment variables. This omission is a red flag because it hides the need for app credentials. The token cache is stored locally (~/.codex/feishu-auth/...), which is proportionate for the stated purpose, but you should verify that cached tokens are only written locally and not transmitted elsewhere by the runtime library.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and only writes to its own cache and an output manifest in the workspace. Running a local callback server and opening a browser are normal for OAuth flows and are explicitly documented.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install feishu-user-auth - 安装完成后,直接呼叫该 Skill 的名称或使用
/feishu-user-auth触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Sync latest content-system skill docs and runtime implementation
元数据
常见问题
Feishu User Auth 是什么?
Complete one-time Feishu browser authorization and cache a local `user_access_token` so later `feishu-bitable-sync` runs can write Bitable rows as the curren... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 86 次。
如何安装 Feishu User Auth?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install feishu-user-auth」即可一键安装,无需额外配置。
Feishu User Auth 是免费的吗?
是的,Feishu User Auth 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Feishu User Auth 支持哪些平台?
Feishu User Auth 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Feishu User Auth?
由 Abigale-cyber(@abigale-cyber)开发并维护,当前版本 v1.0.0。
推荐 Skills