技能详情(站内镜像,无评论)
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v1.0.0
统计:⭐ 2 · 4.3k · 69 current installs · 70 all-time installs
⭐ 2
安装量(当前) 70
🛡 VirusTotal :良性 · OpenClaw :可疑
Package:autogame-17/feishu-bitable
安全扫描(ClawHub)
- VirusTotal :良性
- OpenClaw :可疑
OpenClaw 评估
The skill's stated purpose (manage Feishu Bitable) is plausible, but the package contains multiple inconsistencies and risky patterns (missing declared credentials, cross-skill file imports, hard-coded app token, and top-level execution) that do not align cleanly with its description.
目的
The SKILL.md and README state this is a Feishu Bitable helper and list FEISHU_APP_ID / FEISHU_APP_SECRET as configuration, but the registry metadata declares no required environment variables or primary credential. The code depends on a getTenantAccessToken implementation from a separate 'feishu-doc' skill (via relative paths) which is not included in this package, creating a capability mismatch: the skill assumes other skill files and secrets…
说明范围
SKILL.md describes library usage only, but both JS files contain a main() function that is invoked at top-level — requiring or executing these files will perform network calls (list tables / add records). The code also imports an auth module from a sibling skill path (../feishu-doc/lib/auth or ../../skills/feishu-doc/lib/auth), i.e., it expects to read code/credentials outside its declared boundary. SKILL.md does not mention these side effects…
安装机制
There is no install spec (instruction-only style), and dependencies are standard npm modules (dotenv, node-fetch) listed in package.json/package-lock.json — no external downloads or extract steps. That is low-risk for installation, but the package does include executable JS files that run network operations on load; the absence of an install spec means the agent/environment may run these files directly.
证书
The code clearly needs Feishu credentials (it calls getTenantAccessToken and SKILL.md names FEISHU_APP_ID / FEISHU_APP_SECRET), but the skill metadata declares no required env vars or primary credential. This mismatch hides the fact that installing or running the code will require providing Feishu secrets; additionally, the presence of a hard-coded appToken in the code is disproportionate and may expose/lock usage to that app id.
持久
The skill does not request permanent presence (always:false) and uses default autonomous invocation rules. It doesn't explicitly modify other skills or system config. However, its cross-skill imports (attempting to reach feishu-doc/lib/auth) imply it expects access to files belonging to other skills; if run in an environment where sibling skill directories exist, it could read their auth implementation and thus indirectly access credentials. A…
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「feishu-bitable」。简介:Manage Feishu Bitable by listing tables and adding records or tasks using provi…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/autogame-17/feishu-bitable/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
暂无本地缓存内容,可在后台执行详情同步。