feishu-work-archive

The skill coherently aligns its stated purpose (exporting Feishu documents to Obsidian with topic-based organization and index generation). However, there are notable security considerations: credentials are sourced from openclaw.json and used to access the Feishu API, with data ultimately written to a local vault. Without explicit protections (encrypted storage for credentials, scoped API permissions, and secure handling/logging of sensitive data), there is a measurable risk of credential exposure and potential data leakage. The data flow is mostly internal and expected, but the presence of plaintext credentials and the potential for broad access to corporate documents warrants a Suspicious/MEDIUM risk assessment leaning toward suspicious until proper security controls (encrypted config, least-privilege scopes, and explicit data-handling policies) are documented and enacted.