← 返回 Skills 市场
Simple Management of Product Documents
作者
zxc159620352
· GitHub ↗
· v1.1.0
· MIT-0
205
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install simple-product-doc-manager
功能描述
Simple Management of Product Documents - A structured workflow for managing product documentation in Feishu (Lark). Use this skill when: - Creating a new pro...
安全使用建议
Do not assume these embedded values are harmless examples. Before installing or using this skill: 1) Ask the author to remove any App Secret, access tokens, refresh tokens, or other credentials from the skill files and confirm whether the included values are placeholders or real. 2) If they are real, do not use them — those credentials should be rotated immediately by the owner. 3) Require the skill to declare any needed environment variables formally (e.g., FEISHU_APP_ID, FEISHU_APP_SECRET, FEISHU_USER_TOKEN) instead of embedding secrets in docs, and prefer storing secrets in a secrets manager, not in documentation. 4) Verify whether your agent will ever autonomously call the Feishu APIs using any embedded tokens; if so, ensure tokens are yours, limited in scope, and revocable. 5) Consider treating the skill as untrusted until the credentials are removed or replaced with clearly labeled, non-privileged test values and until the author explains why credentials appear in the bundle.
功能分析
Type: OpenClaw Skill
Name: simple-product-doc-manager
Version: 1.1.0
The skill bundle contains hardcoded Feishu API credentials, including an App ID, App Secret, and User Access Tokens, within 'references/feishu-api-setup.md'. While presented as an 'actual case' example, the inclusion of functional secrets in a skill bundle is a severe security risk. Additionally, 'SKILL.md' explicitly directs the AI agent to create and manage 'Configuration Records' documents intended to store sensitive information like API keys and environment variables. This combination creates a high risk of data exposure or credential harvesting if the provided 'example' credentials are used for real project documentation.
能力评估
Purpose & Capability
The skill's stated purpose is Feishu (Lark) document management, which aligns with the instructions and examples. However, the package declares no required environment variables or credentials while the included reference (references/feishu-api-setup.md) contains an App ID, App Secret, user_access_token, refresh_token, and concrete document links. Either those values are accidental/leftover secrets or the skill expects secret access but fails to declare it. That mismatch is incoherent and risky.
Instruction Scope
SKILL.md and the reference files provide step-by-step Feishu OAuth flows and API calls (creating spaces, writing docs, token refresh). They instruct storing App Secret in env vars and to use user_access_token mode. The instructions themselves stay within Feishu doc management, but the included reference material explicitly publishes sensitive credentials and example tokens and also suggests storing config data (including API keys and env variables) in configuration records—potentially encouraging secret disclosure in project docs. The skill's instructions do not request explicit user confirmation around any embedded credentials, leaving room for accidental reuse or leakage.
Install Mechanism
No install spec or binaries — instruction-only. This is low technical risk from an install/execution standpoint (nothing is dropped or executed on disk by an installer).
Credentials
The skill declares no required env vars or primary credential, yet the supplied references include an App Secret and user tokens. That indicates either undocumented credential requirements or inadvertent inclusion of real secrets. The skill also encourages use of user_access_token (which grants document-level edit access) but does not declare or manage those credentials. Requesting or embedding tokens of another user's account is disproportionate and suspicious.
Persistence & Privilege
The skill is not marked always:true and has no install; it does not request persistent system-level privileges. Autonomous invocation is allowed (platform default) but this is not sufficient alone to elevate privilege concerns.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install simple-product-doc-manager - 安装完成后,直接呼叫该 Skill 的名称或使用
/simple-product-doc-manager触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
Add complete Feishu API setup guide with troubleshooting
v1.0.0
Initial release of simple-product-doc-manager.
- Provides a structured workflow for managing product documentation in Feishu (Lark).
- Defines standardized document structure for project knowledge bases, including requirements, code logic, and configuration records.
- Supports version control for product requirement documents with clear naming conventions.
- Outlines document lifecycle rules (drafting, finalized, archiving, and iteration).
- Includes best practices and workflow examples for smooth document management.
元数据
常见问题
Simple Management of Product Documents 是什么?
Simple Management of Product Documents - A structured workflow for managing product documentation in Feishu (Lark). Use this skill when: - Creating a new pro... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 205 次。
如何安装 Simple Management of Product Documents?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install simple-product-doc-manager」即可一键安装,无需额外配置。
Simple Management of Product Documents 是免费的吗?
是的,Simple Management of Product Documents 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Simple Management of Product Documents 支持哪些平台?
Simple Management of Product Documents 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Simple Management of Product Documents?
由 zxc159620352(@zxc159620352)开发并维护,当前版本 v1.1.0。
推荐 Skills