← 返回 Skills 市场
ruoruochen

Storage Manager

作者 ruoruochen · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ⚠ suspicious
74
总下载
0
收藏
1
当前安装
2
版本数
在 OpenClaw 中安装
/install storage-manager
功能描述
飞书收纳管家完整版 - 智能位置匹配 + 位置图片管理 + 一键入库
安全使用建议
What to consider before installing: - Do not rely on the code's defaults. The package includes hard-coded Feishu credentials/tokens in several Python files; if you don't supply your own FEISHU_* environment variables, images and records will be uploaded to the account tied to those defaults. Treat that as potential data exfiltration. - Recommended immediate steps before use: 1) Inspect the code files (final_integrated.py, complete_system.py, location_image_manager.py, etc.) and remove or replace any hard-coded FEISHU_APP_ID / FEISHU_APP_SECRET / FEISHU_BITABLE_TOKEN / FEISHU_TABLE_ID values. Ensure they are not present in the deployed copy. 2) Provide your own Feishu credentials via environment variables (FEISHU_APP_ID, FEISHU_APP_SECRET, FEISHU_BITABLE_TOKEN, FEISHU_TABLE_ID) and verify the code reads them (it does, but defaults exist). Test with throwaway data first. 3) If you do not control the Feishu app the code would use (i.e., you don't know the owner of the hard-coded credentials), do not run the skill with real/personal images or sensitive data. 4) Consider running the tool in an isolated environment (container/VM) and monitor network calls (to confirm they go to your configured app and not elsewhere). 5) If you will install via the provided install.sh, review the script and remove or modify the symlink creation step if you prefer not to alter ~/.local/bin automatically. - If you are not comfortable auditing or editing the code, avoid installing this skill or request a version from the author that does not contain embedded secrets and that properly declares required environment variables in its metadata.
功能分析
Type: OpenClaw Skill Name: storage-manager Version: 1.0.1 The skill bundle contains hardcoded sensitive credentials, specifically a Feishu App Secret ('HHEZEDoNZwfNdoediXiGSbaRFKDmpB71') and Bitable tokens, across multiple files including complete_system.py, final_integrated.py, and storage_manager_final.py. While these appear to be default or test credentials for a specific Feishu Bitable instance, hardcoding secrets is a critical security vulnerability. Furthermore, the SKILL.md instructions explicitly direct the AI agent to operate 'without user confirmation' for its smart matching logic, which increases the risk of unintended data modification.
能力标签
requires-oauth-token
能力评估
Purpose & Capability
Name/description, SKILL.md, and code all match: this is a Feishu Bitable + image upload storage manager, so network access to open.feishu.cn and image upload capabilities are expected. However the registry metadata did not declare the FEISHU_* environment variables even though SKILL.md and the code require them. That mismatch (metadata says no required env vars; documentation and code require credentials) is a coherence problem and surprising for a skill that integrates with an external service.
Instruction Scope
SKILL.md instructs the agent/user to set FEISHU_APP_ID, FEISHU_APP_SECRET, FEISHU_BITABLE_TOKEN, FEISHU_TABLE_ID and to run CLI commands. The runtime code uploads files and creates records via Feishu APIs (open.feishu.cn). The instructions do not ask for unrelated system data, but the code will accept image files from disk and upload them to Feishu — expected for purpose. The concern is that the runtime will proceed using built-in defaults (hard-coded credentials) if you don't set env vars, causing data to be sent to a third-party account without explicit notice.
Install Mechanism
There is no platform install spec (instruction-only), which is lower risk. An included install.sh exists and will install requests (pip3), chmod files, and create a symlink under ~/.local/bin/storage-manager — standard for a CLI tool. No remote downloads or archive extraction from untrusted URLs were seen. Install script writes into the user home (~/.local/bin) which is typical for user-level CLI installs.
Credentials
The skill logically needs Feishu credentials, and SKILL.md documents FEISHU_APP_ID/FEISHU_APP_SECRET/FEISHU_BITABLE_TOKEN/FEISHU_TABLE_ID. But the skill metadata did not declare these as required. Worse, multiple code files (e.g., final_integrated.py, complete_system.py, location_image_manager.py) include default hard-coded values for app_id, app_secret, bitable_token and table_id. Those embedded secrets are disproportionate and risky: if you don't override them, your uploads/records will go to the account tied to those defaults.
Persistence & Privilege
The skill is not force-enabled (always:false) and does not request system-wide privileges. The install script creates a user-level symlink and example .env file — typical for CLI tools. The skill does not modify other skills' configurations or require platform-level persistence beyond a user-installed CLI.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install storage-manager
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /storage-manager 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
**v1.0.1 – Major "Complete Edition" Release** - Introduced smart location matching: system auto-matches input positions (~75%+ similarity) to existing locations. - Added position image management: each storage location now supports and encourages a visual/photo label. - Expanded CLI with new commands (e.g., add-location-photo) and a more intelligent interface. - Enhanced documentation: detailed usage guides, architecture overview, and FAQ in SKILL.md. - Added multiple new core modules, including smart matching and photo management. - Improved storage logic: items now reference both their own image and the location’s visual tag for quick recognition.
v1.0.0
Initial release of Storage Manager – 飞书多维表格收纳管家: - Adds tool for recording items and storage locations, with optional image support. - Enables searching for stored items and retrieving their location and image link. - Allows updating the storage location of an existing item. - Integrates with 飞书多维表格 via open APIs. - Provides CLI usage examples and clear setup guidance for environment variables and 飞书 app permissions.
元数据
Slug storage-manager
版本 1.0.1
许可证 MIT-0
累计安装 1
当前安装数 1
历史版本数 2
常见问题

Storage Manager 是什么?

飞书收纳管家完整版 - 智能位置匹配 + 位置图片管理 + 一键入库. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 74 次。

如何安装 Storage Manager?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install storage-manager」即可一键安装,无需额外配置。

Storage Manager 是免费的吗?

是的,Storage Manager 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Storage Manager 支持哪些平台?

Storage Manager 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Storage Manager?

由 ruoruochen(@ruoruochen)开发并维护,当前版本 v1.0.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论