← Back to Skills Marketplace
josephyb97

feishuFindDoc

by Josephyb97 · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
535
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install feishu-doc-finder
Description
Find and download files from Feishu chat history by filename.
README (SKILL.md)

Feishu File Finder

A utility skill to search for a file in a Feishu chat (by filename) and download it. Useful when OpenClaw's auto-download misses a file or for retrieving past files.

Prerequisites

  • FEISHU_APP_ID and FEISHU_APP_SECRET must be set in environment.

Usage

cd skills/feishu-file-finder
npm install

# Basic usage
node index.js --chat \x3Cchat_id> --file \x3Cfilename>

# Options
# -o, --output \x3Cdir>   Save path (default: current dir)
# -h, --hours \x3Cnum>    Search history lookback (default: 24h)

Example

export FEISHU_APP_ID=...
export FEISHU_APP_SECRET=...

node index.js --chat oc_87435... --file travel-planner.zip
Usage Guidance
This skill's behavior (using the Feishu SDK to search chat history and download files) is coherent with its description, but there is an important metadata mismatch: the registry entry does not declare the FEISHU_APP_ID and FEISHU_APP_SECRET env vars that both SKILL.md and the code require. Before installing or running this skill: 1) Only provide FEISHU_APP_ID/FEISHU_APP_SECRET for an app you created or trust; prefer an app with minimal permissions (read-only access to the specific chat scope). 2) Review package.json and the exact versions of dependencies (npm install will pull @larksuiteoapi/node-sdk and commander). 3) Run the skill in a sandboxed environment or container to limit filesystem/network exposure; it will write downloaded files to disk. 4) Ask the publisher to update registry metadata to declare the required environment variables and to provide a homepage/source repo for auditing. 5) If you need higher assurance, audit the SKILL.md and index.js yourself or have a trusted reviewer confirm there are no unexpected network endpoints or credential exfiltration paths (none were detected in the provided code).
Capability Analysis
Type: OpenClaw Skill Name: feishu-doc-finder Version: 1.0.0 The skill's primary function is to find and download files from Feishu, which aligns with its description. It accesses `FEISHU_APP_ID` and `FEISHU_APP_SECRET` from environment variables, which is necessary for its operation, and there is no evidence of exfiltration. However, the `index.js` script constructs the output file path using `path.join(options.output, fileName)`. If the `fileName` retrieved from the Feishu API contains path traversal sequences (e.g., `../../evil.sh`), a malicious file could be written outside the intended output directory. This represents a potential path traversal vulnerability, classifying the skill as suspicious due to this risky capability, even though there's no clear evidence of intentional malicious behavior by the developer.
Capability Assessment
Purpose & Capability
The skill's stated purpose (find & download files from Feishu chat) matches the implementation (uses @larksuiteoapi/node-sdk to list messages and download resources). However, the registry metadata declares no required environment variables or primary credential, while SKILL.md and index.js both require FEISHU_APP_ID and FEISHU_APP_SECRET. This mismatch is unexpected and reduces transparency about what secrets the skill needs.
Instruction Scope
SKILL.md directs running npm install and node index.js with chat and filename arguments and explicitly requires FEISHU_APP_ID/FEISHU_APP_SECRET. The runtime instructions and code operate within the stated scope (search chat history, locate file messages, download file to disk). The instructions do not request unrelated files, system config, or external endpoints beyond Feishu's API (via the official SDK).
Install Mechanism
There is no custom install spec; the skill is instruction+code that expects a normal npm install of declared dependencies (commander and @larksuiteoapi/node-sdk). No arbitrary URL downloads or extract steps are used. Risk is typical for npm packages (supply-chain risk) but not unusual or disproportionate for this functionality.
Credentials
The credentials the code requires (FEISHU_APP_ID and FEISHU_APP_SECRET) are reasonable for accessing Feishu chat and downloading files — so their existence is proportionate. The issue is that the registry metadata did not advertise these required environment variables or a primary credential, meaning a user installing the skill might not realize they must provide secrets. That mismatch is a transparency and safety concern.
Persistence & Privilege
The skill does not request always: true, does not declare any system-wide config paths, and does not modify other skills. It writes downloaded files to a user-specified output directory (default current directory), which is expected behavior for a downloader.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install feishu-doc-finder
  3. After installation, invoke the skill by name or use /feishu-doc-finder
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of Feishu File Finder (version 1.0.0). - Enables searching and downloading files from Feishu chat history by filename. - Supports specifying chat ID, filename, output directory, and search time window. - Requires setting FEISHU_APP_ID and FEISHU_APP_SECRET environment variables.
Metadata
Slug feishu-doc-finder
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is feishuFindDoc?

Find and download files from Feishu chat history by filename. It is an AI Agent Skill for Claude Code / OpenClaw, with 535 downloads so far.

How do I install feishuFindDoc?

Run "/install feishu-doc-finder" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is feishuFindDoc free?

Yes, feishuFindDoc is completely free (open-source). You can download, install and use it at no cost.

Which platforms does feishuFindDoc support?

feishuFindDoc is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created feishuFindDoc?

It is built and maintained by Josephyb97 (@josephyb97); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments