📦 MiniMax Feishu Music — 主题音乐生成
v1.4.0调用 MiniMax music-2.6 模型,根据输入主题自动生成带歌词的音乐,并渲染为高品质 MP3 附件,一键发送至指定飞书用户,让创意旋律即刻抵达。
0· 106·0 当前·0 累计
by 下载技能包
最后更新
2026/4/11
安全扫描
OpenClaw
可疑
medium confidenceNULL
评估建议
This skill's purpose (generate music and send to Feishu) is reasonable, but the helper script reads your OpenClaw config (~/.openclaw/openclaw.json) to pull Feishu app_id/app_secret without documenting that behavior — that file may contain sensitive credentials. Before installing or running: 1) verify the author/source (unknown here); 2) inspect ~/.openclaw/openclaw.json to confirm what secrets are stored and whether you want them accessed; 3) consider running the script in an isolated environme...详细分析 ▾
ℹ 用途与能力
Name/description (generate music and send to Feishu) aligns with the included script and APIs (MiniMax and Feishu). The skill legitimately needs a MiniMax API key (documented in music_config.json) and some way to send to Feishu. However, the script reads ~/.openclaw/openclaw.json to extract Feishu app_id/app_secret even though SKILL.md does not document needing or creating that file; this is an unexplained requirement.
⚠ 指令范围
SKILL.md documents creating music_config.json and running the script, and mentions using openclaw to send the file. It does NOT mention that the script will read ~/.openclaw/openclaw.json to extract Feishu app credentials and call Feishu's token endpoint. The code therefore accesses additional local config/credentials that are not declared in the instructions — scope creep and a surprise to users.
✓ 安装机制
No install spec; this is an instruction-only skill with a helper script. Nothing is written to disk by an installer. The script does write generated MP3s to ~/.openclaw/workspace/songs (expected for workspace artifacts).
⚠ 凭证需求
The skill documents the MiniMax API key in music_config.json (proportionate). It does not document or declare access to OpenClaw's main config (~/.openclaw/openclaw.json), which the script reads to extract Feishu appId/appSecret. Requesting those credentials is potentially reasonable for sending messages, but the absence of any mention in SKILL.md is an unexplained and disproportionate access to local credentials. Additionally, the script retrieves a Feishu tenant token but then uses the openclaw CLI to send the message, making the direct credential access redundant and suspicious (could be accidental or a code smell).
✓ 持久化与权限
Skill does not request always:true, has no install step that modifies other skills, and does not persist new agent-wide configuration. It writes output files to the user's workspace only (expected).
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.4.02026/4/11
NULL
● 可疑
安装命令
点击复制官方npx clawhub@latest install minimax-feishu-music
镜像加速npx clawhub@latest install minimax-feishu-music --registry https://cn.longxiaskill.com