← 返回 Skills 市场

Google Docs to Feishu

Name: Google Docs to Feishu
Author: turbos7

作者 Vesper · GitHub ↗ · v0.1.0 · MIT-0

cross-platform ⚠ suspicious

总下载

当前安装

版本数

在 OpenClaw 中安装

/install google-docs-to-feishu

功能描述

将 Google Docs 文档内容同步/复制到飞书文档。支持手动触发全自动转换。当用户提到 Google Docs 转飞书、Google 文档同步、复制文档到飞书时激活。

使用说明 (SKILL.md)

Google Docs → 飞书文档同步工具

功能概述

Google Docs 文档 → 飞书文档全自动转换
支持标题、段落、列表、表格、图片
手动触发，无需定时

凭证配置

首次使用需要配置 Google OAuth，步骤如下：

1. 创建 Google Cloud 项目

访问 https://console.cloud.google.com，创建项目后：

启用 Google Docs API
创建 OAuth 2.0 Client ID（桌面应用类型）
下载 JSON 文件，保存为 ~/.config/google-docs-to-feishu/credentials.json

2. 授权

首次运行会自动打开浏览器进行授权，或手动访问授权 URL 完成授权。

3. 凭证存放位置

~/.config/google-docs-to-feishu/
├── credentials.json    # OAuth 客户端信息
├── token.json          # 访问令牌（自动生成）

使用方法

同步 Google Docs 到飞书

提供 Google Docs 链接和飞书文件夹 token：

{
  "action": "sync",
  "google_doc_url": "https://docs.google.com/document/d/XXXXXXXXXXXXXXXXXXXXXXXX/edit",
  "feishu_folder_token": "fldcnXXXXXXXXXXXXXX"
}

参数说明

参数	必填	说明
`google_doc_url`	✅	Google Docs 链接
`feishu_folder_token`	❌	飞书文件夹 token，不填则创建在根目录
`feishu_owner_open_id`	❌	飞书用户 open_id，用于授予文档访问权限

飞书文档链接
文档标题
同步状态

完整流程说明

读取 Google Docs — 通过 Google Docs API 获取文档 blocks 结构
格式转换 — 将 Google Docs block 转换为 Markdown
创建飞书文档 — 在指定文件夹创建文档
写入内容 — 通过 feishu-doc 写入 Markdown 内容

权限要求

Google 侧

Google Docs API
OAuth 2.0 授权（read only）

飞书侧

feishu-doc skill（已配置）

注意事项

表格图片等复杂格式可能存在少量格式差异
首次授权需要人工操作，后续可自动续期

安全使用建议

This skill appears to do what it says: it uses Google OAuth to read Google Docs and converts them to Markdown before creating Feishu documents. Before installing, review the full javascript file yourself (or ask the author) because the provided source was truncated in this package summary and the code imports child_process.execSync — confirm what commands are executed (likely to open a browser) and that no unexpected remote endpoints are contacted. Confirm you are comfortable storing Google OAuth client credentials and tokens under ~/.config/google-docs-to-feishu/, and only provide a Feishu folder token to the skill when you trust it. If you want higher assurance, request the complete source and check for any hard-coded remote URLs, unexpected network calls, or shell commands that could run arbitrary input.

功能分析

Type: OpenClaw Skill Name: google-docs-to-feishu Version: 0.1.0 The skill provides a utility to sync Google Docs to Feishu, but it contains a critical shell injection vulnerability in `google-docs-to-feishu.js`. The script uses `execSync` to call other OpenClaw tools by embedding unsanitized document titles and content directly into shell command strings. While the code's logic aligns with its stated purpose and uses legitimate Google OAuth endpoints, the lack of input sanitization allows for arbitrary command execution if a processed document contains malicious shell characters (e.g., single quotes or semicolons).

能力标签

requires-oauth-tokenrequires-sensitive-credentials

能力评估

✓ Purpose & Capability

Name/description (Google Docs → Feishu sync) matches what the SKILL.md describes and what the code shows: Google OAuth, reading Docs API, converting blocks to Markdown, and creating/writing Feishu docs. Requested artifacts (local credentials JSON, token.json) are appropriate for Google OAuth. The only minor note: the code requests userinfo.profile and userinfo.email scopes in addition to documents.readonly — these are plausible for identifying the user but are not strictly necessary for reading Docs.

✓ Instruction Scope

Runtime instructions are scoped to the declared purpose: they explain creating a Google Cloud OAuth client, saving credentials to ~/.config/google-docs-to-feishu/, running an authorization flow (local server on port 8765), then fetching docs and pushing converted content to Feishu. The SKILL.md does not instruct reading unrelated files or exfiltrating arbitrary data. It does rely on a provided Feishu folder token or configured feishu-doc capability.

✓ Install Mechanism

No install spec (instruction-only) — lowest-risk install model. The skill includes a JS file intended to run as a CLI; nothing is downloaded from external arbitrary URLs during install according to the provided metadata.

ℹ Credentials

The skill does not request environment variables or other credentials up-front. It stores Google OAuth client credentials and tokens under ~/.config/google-docs-to-feishu/, which is consistent with OAuth usage. The Feishu folder token is passed at runtime in the sync payload rather than as an environment variable; this is reasonable. Note that the inclusion of userinfo.* scopes and the use of a local token file are things the user should be aware of.

✓ Persistence & Privilege

always:false and no special platform privileges are requested. The skill writes its own config/token to ~/.config/google-docs-to-feishu/ (expected). It runs a short-lived local auth HTTP server on port 8765 for OAuth callback, which is normal for desktop OAuth flows.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install google-docs-to-feishu
安装完成后，直接呼叫该 Skill 的名称或使用 /google-docs-to-feishu 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v0.1.0

Initial release: Google Docs to Feishu document sync

元数据

Slug google-docs-to-feishu

版本 0.1.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题