Skill Trust Decision

feishu-ops

Name: feishu-ops Trust Review Report
Item: feishu-ops
Rating: 58
Author: ClawSafe

发现多个本地文件操作脚本未在SKILL.md中声明，存在文档-行为不符的影子功能问题，且包含硬编码用户路径的开发遗留代码。

Install decision first Source: Manual upload Scanned: Apr 5, 2026

Files 14

Artifacts 12

Violations 2

Findings 6

Most direct threat evidence

High Doc Mismatch

影子功能：本地桌面文件操作未在文档声明

scripts/fix_xlsx_encoding.py 和 scripts/rebuild_xlsx.py 执行本地桌面 xlsx 文件读取/修改，但 SKILL.md 完全没有提及本地文件操作功能，只描述了飞书云端文档操作

scripts/fix_xlsx_encoding.py:2

Why this conclusion was reached

2/4 dimensions flagged

Block

Declared vs actual capability

2 undeclared or violating capabilities were inferred.

Review

Hidden execution and egress

12 lower-risk artifacts were extracted and still need context.

Block

Attack chain and severe findings

The report includes 0 attack-chain steps and 3 severe findings.

Review

Dependencies and supply chain hygiene

2 dependency or supply-chain issues need attention.

What drove the risk score up

影子功能-本地文件操作 +20

fix_xlsx_encoding.py、rebuild_xlsx.py 操作用户桌面文件但 SKILL.md 未声明

硬编码用户路径泄露 +12

多处硬编码 C:/Users/10430/ 路径，包含敏感目录结构

环境变量访问用户目录 +5

使用 os.environ['USERPROFILE'] 访问用户主目录

无版本锁定的第三方依赖 +5

lark-oapi 和 openpyxl 未指定版本范围

Most important evidence

High Doc Mismatch

影子功能：本地桌面文件操作未在文档声明

scripts/fix_xlsx_encoding.py 和 scripts/rebuild_xlsx.py 执行本地桌面 xlsx 文件读取/修改，但 SKILL.md 完全没有提及本地文件操作功能，只描述了飞书云端文档操作

scripts/fix_xlsx_encoding.py:2

如需保留本地文件操作能力，必须在 SKILL.md 中明确声明 filesystem:WRITE 权限及用途

High Sensitive Access

硬编码用户敏感路径

多个脚本硬编码了开发者的完整用户路径 C:/Users/10430/，包含 .openclaw 配置目录和 Desktop 目录结构，存在信息泄露风险

scripts/fix_xlsx_encoding.py:8

移除所有硬编码用户路径，改用相对路径或配置文件管理

High Sensitive Access

遍历用户桌面查找文件

fix_xlsx_encoding.py 遍历用户桌面目录，通过文件大小匹配查找目标 xlsx 文件，具有情报收集特征

scripts/fix_xlsx_encoding.py:3

此功能应明确声明或移除

Medium Supply Chain

第三方依赖无版本锁定

lark-oapi 和 openpyxl 未在 requirements.txt 或代码中指定版本范围，可能引入供应链风险

SKILL.md:97

创建 requirements.txt 并锁定版本，如 lark-oapi>=1.0.0,<2.0.0

Medium Credential Theft

凭证文件路径硬编码

多处脚本硬编码读取凭证配置路径 C:/Users/10430/.openclaw/workspace/skills/feishu-ops/scripts/config.json

scripts/rebuild_xlsx.py:52

使用相对路径或环境变量管理凭证路径

Low Priv Escalation

权限声明缺失

SKILL.md 未声明 allowed_tools，filesystem 和 network 权限的使用场景不透明

SKILL.md:1

在 SKILL.md 开头添加 allowed_tools 声明

Declared capability vs actual capability

Filesystem Block

Declared NONE

→

Inferred WRITE

scripts/fix_xlsx_encoding.py:2, scripts/rebuild_xlsx.py:8

Network Pass

Declared WRITE

→

Inferred WRITE

SKILL.md 声明飞书 API 调用

Environment Block

Declared NONE

→

Inferred READ

scripts/fix_xlsx_encoding.py:2 os.environ['USERPROFILE']

Suspicious artifacts and egress

Medium External URL

https://feishu.cn/doc/xxx

SKILL.md:32

Medium External URL

https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal

references/api_ref.md:6

Medium External URL

https://open.feishu.cn/open-apis/docx/v1/documents

references/api_ref.md:15

Medium External URL

https://open.feishu.cn/open-apis/docx/v1/documents/

references/api_ref.md:23

Medium External URL

https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=

references/api_ref.md:53

Medium External URL

https://open.feishu.cn/open-apis/contact/v3/users/search?query=

references/api_ref.md:66

Medium External URL

https://open.feishu.cn/open-apis/im/v1/chats?search_key=

references/api_ref.md:71

Medium External URL

https://feishu.cn/docx/

scripts/feishu_doc.py:52

Medium External URL

https://open.feishu.cn/open-apis/im/v1/files?receive_id_type=chat_id

scripts/feishu_msg.py:120

Medium External URL

https://open.feishu.cn/open-apis/im/v1/messages?container_id_type=chat&container_id=

scripts/feishu_msg.py:243

Medium External URL

https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=chat_id

scripts/send_news.py:25

Medium External URL

https://open.feishu.cn/open-apis/im/v1/files?file_name=

scripts/upload_test.py:17

Dependencies and supply chain

Package	Version	Source	Known vuln	Notes
lark-oapi	`*`	pip	No	无版本锁定，建议锁定版本范围
openpyxl	`*`	pip	No	无版本锁定，建议锁定版本范围

File composition

14 files · 1305 lines

Python 11 files · 1041 linesMarkdown 2 files · 260 linesJSON 1 files · 4 lines

Files of concern · 9

scripts/config.json JSON · 4 lines

scripts/feishu_msg.py Python · 332 lines

https://open.feishu.cn/open-apis/im/v1/files?receive_id_type=chat_id · https://open.feishu.cn/open-apis/im/v1/messages?container_id_type=chat&container_id=

scripts/feishu_doc.py Python · 214 lines

https://feishu.cn/docx/

SKILL.md Markdown · 151 lines

第三方依赖无版本锁定 · 权限声明缺失 · https://feishu.cn/doc/xxx

scripts/rebuild_xlsx.py Python · 94 lines

凭证文件路径硬编码

references/api_ref.md Markdown · 109 lines

https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal · https://open.feishu.cn/open-apis/docx/v1/documents · https://open.feishu.cn/open-apis/docx/v1/documents/ · https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type= · https://open.feishu.cn/open-apis/contact/v3/users/search?query= · https://open.feishu.cn/open-apis/im/v1/chats?search_key=

scripts/fix_xlsx_encoding.py Python · 59 lines

影子功能：本地桌面文件操作未在文档声明 · 硬编码用户敏感路径 · 遍历用户桌面查找文件

scripts/upload_test.py Python · 40 lines

https://open.feishu.cn/open-apis/im/v1/files?file_name=

scripts/send_news.py Python · 36 lines

https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=chat_id

Other files · fetch_chat_messages.py · write_news.py · test_blocks2.py

Security positives

代码结构清晰，功能模块化良好

使用标准库 urllib 而非 subprocess 执行命令

所有网络请求都指向官方飞书 API 域名 open.feishu.cn

凭证存储在本地配置文件，未硬编码在代码中（主代码路径正确，但遗留脚本有问题）