← 返回 Skills 市场
258
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install openclaw-san-sheng-liu-bu-lobster
功能描述
支持接收任务分配,通过子代理执行,发送飞书通知,创建文档,多维表格记录并汇总成果交付的一人公司部署工具。
安全使用建议
This skill largely does what its description says (orchestrates subagents and automates Feishu document/table updates), but there are important red flags to check before installing:
- The files contain a hardcoded Feishu app/table token, table_id and several OpenIDs/group IDs. Verify whether those tokens are placeholders or active credentials. If they are real, they expose access to someone else's Feishu resources or leak your credentials if you replace them incorrectly.
- The registry metadata declares no required env vars, yet the skill clearly needs Feishu credentials to operate. Ask the author to clarify how Feishu authentication is meant to be provided (platform-managed credentials vs. secrets in files). Prefer supplying credentials via secure env vars or the platform's secret store — never store tokens in plaintext in skill files.
- The SKILL.md references a user-specific local path (/Users/laihehuo/...). That path is likely a leftover from the author's environment; confirm that file paths will be configurable and that the skill won't attempt to read arbitrary local files you don't want exposed.
- sessions_spawn with cleanup='keep' will persist subagent sessions. If you allow autonomous invocation, consider limiting permissions for spawned subagents and audit what they may access.
Recommended actions before installing: obtain author guidance about credential handling; remove or rotate any exposed tokens; replace hardcoded tokens/IDs with configuration placeholders; run the skill in a restricted/test environment first; and restrict the Feishu app's permissions (least privilege) and rotate credentials if you suspect the tokens in the repo are live.
功能分析
Type: OpenClaw Skill
Name: openclaw-san-sheng-liu-bu-lobster
Version: 0.1.0
The skill bundle contains multiple hardcoded, environment-specific absolute file paths (e.g., `/Users/laihehuo/...` in SKILL.md) and specific Feishu (Lark) API identifiers, including an `app_token` (HxULbN8KTaIkCxsTmvYcg4ldnhh), `table_id`, and several `open_id` values in config/lobster-team.md. These hardcoded values create a high risk of data leakage, as the agent may inadvertently exfiltrate user task data to the developer's Feishu instance or fail to execute correctly on different systems. While likely a result of poor generalization rather than intentional malice, the presence of hardcoded external endpoints for data submission is a significant security concern.
能力评估
Purpose & Capability
The name/description (task decomposition + Feishu integration) match the SKILL.md actions: spawning sub‑agents, sending Feishu messages, creating Feishu docs and updating bitable records. However the skill files embed a specific Feishu app_token (HxULbN8KTaIkCxsTmvYcg4ldnhh), table_id (tblAAxJLFpXO7k1X), several OpenIDs and a Feishu group ID while the registry metadata claims no required env vars/credentials — this mismatch is unexpected.
Instruction Scope
SKILL.md instructs the agent to spawn subagents (sessions_spawn), write local Markdown files (paths under /Users/laihehuo/...), post in Feishu groups and read/extract Feishu group messages/links. All actions align with the declared purpose, but the instructions reference specific local paths and detailed Feishu operations (reading group messages to extract links) which increase the surface area: they require access to local filesystem and to Feishu message history.
Install Mechanism
Instruction-only skill with no install spec and no downloaded code — lowest install risk. The repo files are static documentation and templates only.
Credentials
The skill declares no required env vars or primary credential, yet the included files contain a concrete Feishu app_token, table token, table_id, multiple OpenIDs and a group ID. Either the skill expects the platform to provide Feishu credentials implicitly, or the repo leaked real tokens — both are problematic. The presence of hardcoded tokens in skill files is disproportionate and risky because those tokens grant access to Feishu resources and can be reused if valid.
Persistence & Privilege
always:false (normal). The skill asks sessions_spawn with cleanup='keep' which will leave subagent sessions around — expected for multiagent workflows but increases persistence of state and potential for later autonomous actions. The skill also instructs writing local files and editing its own config (config/lobster-team.md) which is within scope, but the kept subagent sessions and local writes expand the runtime footprint.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openclaw-san-sheng-liu-bu-lobster - 安装完成后,直接呼叫该 Skill 的名称或使用
/openclaw-san-sheng-liu-bu-lobster触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
OpenClaw 三省六部虾群 全新上线,支持一人公司高效协作自动化:
- 实现主龙虾任务分配、多角色自动通知、并行任务执行与成果自动汇总全流程。
- 提供完整的 6 只“龙虾”团队配置及团队扩展方式。
- 内置多场景任务模板库,包括资料收集、公众号写作、文案、视频脚本、图片提示词与汇总整合。
- 支持自动创建并同步飞书文档、多维表格,关键产出一键链接汇总。
- 标准化操作指令、交付规范及常见问题全收录,便于新人快速上手与团队协作。
元数据
常见问题
Openclaw San Sheng Liu Bu Lobster 是什么?
支持接收任务分配,通过子代理执行,发送飞书通知,创建文档,多维表格记录并汇总成果交付的一人公司部署工具。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 258 次。
如何安装 Openclaw San Sheng Liu Bu Lobster?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-san-sheng-liu-bu-lobster」即可一键安装,无需额外配置。
Openclaw San Sheng Liu Bu Lobster 是免费的吗?
是的,Openclaw San Sheng Liu Bu Lobster 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Openclaw San Sheng Liu Bu Lobster 支持哪些平台?
Openclaw San Sheng Liu Bu Lobster 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Openclaw San Sheng Liu Bu Lobster?
由 jiebao360(@jiebao360)开发并维护,当前版本 v0.1.0。
推荐 Skills