技能详情(站内镜像,无评论)
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v1.0.0
统计:⭐ 0 · 747 · 8 current installs · 8 all-time installs
⭐ 0
安装量(当前) 8
🛡 VirusTotal :可疑 · OpenClaw :可疑
Package:autogame-17/feishu-minutes
安全扫描(ClawHub)
- VirusTotal :可疑
- OpenClaw :可疑
OpenClaw 评估
The skill mostly does what it says (download Feishu Minutes data) but the code requires Feishu app credentials and reads/writes files outside the skill folder while the SKILL.md and registry metadata do not declare those requirements — this mismatch is concerning.
目的
Name/description claim to fetch Feishu Minutes using a meeting token, which is consistent with the code's API calls. However, the code also requires valid Feishu app credentials (app_id and app_secret) to obtain a tenant_access_token. The skill's metadata and SKILL.md do not declare that FEISHU_APP_ID / FEISHU_APP_SECRET or a config.json are required; that omission is an incoherence between stated purpose and actual requirements.
说明范围
SKILL.md instructs only running the script with a minutes token and an optional --out but does not mention credentials, .env handling, or file paths. The runtime code (lib/auth.js) attempts to load .env files from multiple ancestor paths, reads a config.json if present, and writes/reads a token cache at '../../../memory/feishu_token.json' (outside the skill folder). These behaviors expand scope beyond what the documentation describes and could…
安装机制
No install spec; dependencies are standard npm packages (dotenv, node-fetch, yargs) listed in package.json/lockfile. There are no downloads from arbitrary URLs or extract steps. Nothing unusual in the install footprint.
证书
Registry metadata declares no required env vars, but the code requires FEISHU_APP_ID and FEISHU_APP_SECRET (via environment or config.json). Additionally, lib/auth.js will load .env from process.cwd() and parent directories, which can cause the skill to read unrelated secrets. The skill persists tenant tokens to a shared memory path, enabling cross-skill token reuse — this increases the scope of sensitive data accessed and stored.
持久
always:false (normal). The code persists a tenant token to '../../../memory/feishu_token.json' and will read that cache on subsequent runs; this is persistent and shared by name (the author indicates it's 'Unified Token Cache'). Writing/reading that shared memory file is a persistent side-effect outside the skill folder and can affect other skills or reuse credentials. The skill does not modify other skills' configs or request always:true.
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「feishu-minutes」。简介:Fetch metadata, statistics, transcripts, and media files from Feishu Minutes us…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/autogame-17/feishu-minutes/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
# Feishu Minutes (妙记) Skill
Fetch info, stats, transcript, and media from Feishu Minutes.
## Usage
```bash
node skills/feishu-minutes/index.js process <minutes_token> --out <output_dir>
```
- `<minutes_token>`: The token from the Minutes URL (e.g., `mmcn...`).
- `--out`: Optional output directory (defaults to `memory/feishu_minutes/<token>`).
## Output
- `info.json`: Basic metadata.
- `stats.json`: View/Comment stats.
- `subtitle.json`: Raw transcript data.
- `transcript.md`: Readable transcript.
- `media.mp4`: Video/Audio recording.