The Agent Skills Directory

[CREDENTIALS_UNSAFE]: The script scripts/md_to_feishu_doc.py accesses sensitive Feishu API credentials (appId and appSecret) from a local configuration file. The file path is hardcoded to a specific user directory (/home/lenovo/.openclaw/openclaw.json), which may cause issues in different environments.
[EXTERNAL_DOWNLOADS]: The skill uses the scrapling library to fetch content and images from arbitrary third-party URLs provided by the user. It also downloads images from these URLs to upload them to Feishu.
[COMMAND_EXECUTION]: The skill relies on shell scripts (scripts/run_pipeline.sh) and Python scripts to perform environment checks, scraping, and document generation. It dynamically constructs command lines to run these scripts using uv or python.
[PROMPT_INJECTION]: The SKILL.md file contains strong instructions (e.g., "must execute the following process", "no additional confirmation needed") to ensure the agent follows the automated workflow. While authoritative, these instructions appear to be for task automation rather than malicious behavior modification.
[DATA_EXFILTRATION]: No evidence of unauthorized data exfiltration was found. Network operations are directed towards well-known Feishu API endpoints (open.feishu.cn) and user-requested article URLs.

scrapling-article-fetch