Last updated
2026/4/1
Security scan
OpenClaw
Suspicious
medium confidence
Assessment recommendations
This skill looks plausible for automating DataWorks→Feishu reports, but there are inconsistencies you should resolve before installing or granting credentials:
- Ask the publisher why no Feishu credentials are declared. Creating Feishu docs and sending IMs normally requires Feishu app tokens (APP_ID/APP_SECRET or API token). Do not provide broad Feishu or platform tokens until you confirm exact required scopes.
- Confirm what META_CENTER_TOKEN grants. Limit tokens to least privilege (only acces...
⚠ Purpose and capability
The skill claims to create Feishu cloud documents and send Feishu IM notifications, but requires only META_CENTER_TOKEN and DATAWORKS_PROJECT. There is no declared Feishu credential (e.g., FEISHU_TOKEN, APP_ID/APP_SECRET) even though the instructions call feishu_create_doc and feishu_im_user_message. This is an incoherence: creating documents in Feishu normally requires Feishu auth.
⚠ Instruction scope
SKILL.md instructs the agent to execute SQL via DataWorks OpenAPI (via exec), transform results into Python objects, render Jinja2 templates, and call Feishu creation/notification tools. The instructions assume availability of Jinja2 and of feishu_* helper actions. They do not reference or limit what 'exec' will run, which grants broad discretion to run arbitrary commands against DataWorks OpenAPI — expected for the task but worth noting. The instructions do not ask to read unrelated system files, but they rely on implicit runtime tools and credentials that are not declared.
✓ Install mechanism
No install spec and no code files (instruction-only). This reduces the risk of arbitrary code being written to disk. No third-party packages are being fetched by the skill itself.
⚠ Credential requirements
Only META_CENTER_TOKEN and DATAWORKS_PROJECT are declared. For full functionality, additional credentials (Feishu app token/credentials, or other DataWorks auth) are typically required. META_CENTER_TOKEN's scope is unspecified — it could grant wide access beyond what's needed. The minimal declared envs do not justify the Feishu operations described, creating a proportionality mismatch.
✓ Persistence and privileges
always is false and there is no install step that writes persistent files or modifies other skills. The skill can be invoked autonomously by the agent (default), which is normal; this is not combined with 'always: true' or other elevated persistence requests.
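Security is layered; review the code before running.
Runtime dependencies
No special dependencies
Version
latest v1.0.0 2026/4/1
● Suspicious
Install command
Official: npx clawhub@latest install sql-to-doc
Mirror (accelerated): npx clawhub@latest install sql-to-doc --registry https://cn.longxiaskill.com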