首页 / 技能 / Feishu API Lookup — 飞书API速查

📦 Feishu API Lookup — 飞书API速查

v1.0.0

一键检索飞书开放平台文档,快速定位所需API端点、参数说明与返回结构,为脚本开发、集成调试提供即时参考。

0· 354·1 当前·1 累计
by @deadblue22 (deadblue)
API工具开发工具文档工具
下载技能包
最后更新
2026/4/22
0
安全扫描
VirusTotal
可疑
查看报告
OpenClaw
可疑
high confidence
NULL
评估建议
This skill appears to be a documentation lookup, but its runtime instructions tell the agent to read /root/.openclaw/openclaw.json to obtain Feishu app_id/app_secret and then request a tenant_access_token. That file contains sensitive channel credentials and this access is not declared in the registry metadata. Before installing: 1) Do not install if your OpenClaw config stores real Feishu credentials at that path. 2) Ask the publisher to remove any code that reads internal agent config and inst...
详细分析 ▾
用途与能力
The skill is described as an on-demand API documentation lookup, which should not require access to agent configuration or credentials. However the SKILL.md includes code that reads /root/.openclaw/openclaw.json to extract Feishu appId/appSecret. That file access is not declared in the metadata and is disproportionate to a documentation lookup.
指令范围
Runtime instructions tell the agent to perform web_search/web_fetch (expected) but also explicitly show Python code that opens and reads /root/.openclaw/openclaw.json and posts the app_id/app_secret to obtain a tenant_access_token. The instructions therefore direct reading internal config and using credentials — behavior outside a simple documentation-lookup scope.
安装机制
No install spec and no code files are present (instruction-only), so nothing is written to disk by an installer. This is the lowest-risk install mechanism.
凭证需求
The registry declares no required env vars or config paths, yet the SKILL.md accesses sensitive credentials from an internal config path and demonstrates exchanging them for a tenant_access_token. Requesting/using internal channel credentials is not justified by the stated purpose and is not declared.
持久化与权限
always:false (good). The skill can be invoked autonomously (default), and combined with instructions to read internal credentials this increases the risk of secret exposure if the agent runs the skill without explicit user oversight.
安全有层次,运行前请审查代码。

运行时依赖

无特殊依赖

版本

latestv1.0.02026/3/5

NULL

可疑

安装命令

点击复制
官方npx clawhub@latest install feishu-api-lookup
镜像加速npx clawhub@latest install feishu-api-lookup --registry https://cn.longxiaskill.com
数据来源ClawHub ↗ · 中文优化:龙虾技能库