扫描报告
5 /100
feishu-report-summary
Read Feishu work-report data through the Report v1 API and turn it into daily or weekly summaries
A legitimate Feishu report integration skill that reads work-report data via official APIs and produces summaries; no malicious behavior detected.
可以安装
This skill is safe to use. Continue with standard deployment.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | READ | READ | ✓ 一致 | Reads ~/.openclaw/openclaw.json for Feishu credentials - declared in SKILL.md |
| 网络访问 | READ | READ | ✓ 一致 | Makes outbound calls only to Feishu/Lark Report API endpoints - declared in SKIL… |
| 命令执行 | WRITE | WRITE | ✓ 一致 | Executes node scripts/fetch_report_tasks.js as declared |
目录结构
4 文件 · 23.5 KB · 767 行 JavaScript 1f · 677L
Markdown 2f · 86L
YAML 1f · 4L
├─
▾
agents
│ └─
openai.yaml
YAML
├─
▾
references
│ └─
summary-template.md
Markdown
├─
▾
scripts
│ └─
fetch_report_tasks.js
JavaScript
└─
SKILL.md
Markdown
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
@larksuiteoapi/node-sdk | * | bundled | 否 | Loaded from openclaw installation, not directly vendored |
安全亮点
✓ Uses official @larksuiteoapi/node-sdk for all API interactions
✓ All capabilities declared in SKILL.md match implementation
✓ No credential exfiltration - appId/appSecret used only for Feishu API authentication
✓ No base64, obfuscation, or suspicious encoding patterns
✓ No arbitrary command execution - execFileSync used only for path resolution (npm root, which)
✓ Clean error handling with informative failure messages
✓ No sensitive path access beyond declared config location
✓ Output limited to local file/stdout as specified