技能详情(站内镜像,无评论)
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v1.4.11
统计:⭐ 3 · 2.2k · 48 current installs · 48 all-time installs
⭐ 3
安装量(当前) 48
🛡 VirusTotal :可疑 · OpenClaw :可疑
Package:autogame-17/feishu-card
安全扫描(ClawHub)
- VirusTotal :可疑
- OpenClaw :可疑
OpenClaw 评估
The skill mostly does what it claims (send Feishu cards) but its files access unspecified config (.env), write caches/temp outside the skill directory, and execute shell commands with unescaped user data — the manifest/metadata do not declare these behaviors and that mismatch is concerning.
目的
The code implements Feishu card sending, persona wrappers, image upload, and CLI helpers — which matches the description. However the skill depends on a sibling module ../feishu-common for auth and implicitly loads a '../../.env' file for credentials even though the registry metadata declares no required env vars or config paths. That un-declared dependency on external credentials/config is inconsistent with the manifest.
说明范围
SKILL.md describes sending messages and recommends writing message content to files (or using send_safe.js). The runtime instructions and code go beyond simple sending: they read and write files under ../../temp and ../../memory, attempt to load '../../.env', and handle file uploads. handle_event.js and send_safe.js call child_process.execSync with interpolated arguments — in particular handle_event.js constructs a shell command containing use…
安装机制
There is no remote install/download spec; the package is instruction-plus-code included in the archive with a package.json referencing standard npm deps (commander, dotenv). No external downloads or extract steps are present.
证书
The skill metadata declares no required env vars or config paths, but send.js explicitly loads '../../.env' with dotenv and requires ../feishu-common for auth. That implies the skill will use Feishu credentials (APP_ID/SECRET or tokens) stored outside the skill folder. Not declaring these credentials is disproportionate and makes it unclear what secrets the skill will access. The code also writes/reads cache and temp files outside its own dire…
持久
always is false (no forced inclusion). The skill writes persistent cache (feishu_image_keys.json) and creates temp files under ../../memory and ../../temp — persistent state on disk but confined to sibling/parent workspace directories. It does not appear to modify other skills' configs, but the ability to create files outside the skill directory and to exec shell commands increases its effective privileges in the agent workspace.
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「Feishu Card」。简介:Send rich interactive Feishu cards with markdown, headers, buttons, images, and…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/autogame-17/feishu-card/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
暂无本地缓存内容,可在后台执行详情同步。