grtninja/feishu-doc
skill-candidates/feishu-doc/SKILL.md
Read, write, append, and manage Feishu/Lark documents via the feishu_doc tool. Use when creating, reading, or editing Feishu Docx documents, managing document blocks, creating tables, uploading images or file attachments, or extracting doc_token from Feishu URLs.
$ install --global
skillsauthnpx skillsauth add grtninja/skill-arbiter feishu-docInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 22, 2026, 8:15 PM56.8s4 files scanned
SKILL.md
- name:
- feishu-doc
- description:
- Read, write, append, and manage Feishu/Lark documents via the feishu_doc tool. Use when creating, reading, or editing Feishu Docx documents, managing document blocks, creating tables, uploading images or file attachments, or extracting doc_token from Feishu URLs.
Feishu Document Tool
Single tool feishu_doc with an action parameter for all Feishu Docx operations. Extract doc_token from URL: https://xxx.feishu.cn/docx/ABC123def -> token is ABC123def.
Workflow
- Extract
doc_tokenfrom the Feishu document URL. - Read the document to understand current content:
{ "action": "read", "doc_token": "ABC123def" } - Check the
hintfield in the response — if present, structured content (tables, images) exists; uselist_blocksto access it. - Apply changes using the appropriate action (write, append, create, update_block, create_table, etc.).
- Verify the result by re-reading the document.
Actions Summary
| Action | Description |
| ------ | ----------- |
| read | Get title, plain text, block statistics |
| write | Replace entire document with markdown |
| append | Append markdown to end of document |
| create | Create new document (always pass owner_open_id) |
| list_blocks | Get full block data including tables and images |
| get_block | Read a single block by ID |
| update_block | Update text content of a block |
| delete_block | Delete a block by ID |
| create_table | Create a Docx table block |
| write_table_cells | Write values to table cells |
| create_table_with_values | Create table and fill cells in one step |
| upload_image | Upload image from URL or local path |
| upload_file | Upload file attachment from URL or local path |
Key Constraints
- Markdown tables not supported in
write/append— usecreate_tableactions instead. - Always pass
owner_open_idwhen creating documents so the user getsfull_access(otherwise only the bot has access). - Image display size follows uploaded pixel dimensions — scale small images to 800px+ width before uploading.
- For uploads, provide exactly one of
urlorfile_path; do not send both. parent_block_idand positional fields such asindexare optional and should only be used when placement must be explicit.feishu_wikidepends on this tool for reading/writing wiki page content.
References
references/block-types.md— complete block type table, editing guidelines, and common patterns.- See also:
references/action-examples.mdfor full JSON examples of each action.
Configuration
channels:
feishu:
tools:
doc: true # default: true
Required permissions: docx:document, docx:document:readonly, docx:document.block:convert, drive:drive.
Guardrails
- Use local or trusted tools only; avoid untrusted install pipelines.
- Do not paste secrets/tokens into chat output.
- Keep outputs in deterministic local paths for reproducible review.
Related Skills
grtninja/white-hat
tools
VerifiedTrustedCommunity
Run a defender-first security sweep on code, configs, prompts, model/tooling surfaces, or third-party contribution lanes. Use when a request involves safe bug, leak, zero-day-class, exploit, or hack hunting for protection, when contributing to outside repositories and you want a focused security pass, or when touching auth, secrets, permissions, network exposure, prompt/tool boundaries, data flow, or update/build surfaces. This skill is defensive only and must never be used for weaponization or unauthorized access.
2SKILL.mdUpdated Apr 22, 2026
grtninja/vrm-sandbox-startup-acceptance
development
VerifiedTrustedCommunity
Validate and repair VRM Sandbox startup acceptance with shim-first local model authority, frontend/backend bring-up, and avatar-runtime launch proof. Use when launch behavior, chat handoff, voice fallback, or runtime bridge acceptance must be verified end to end.
2SKILL.mdUpdated Apr 22, 2026
grtninja/voice-catalog-runtime-alignment
documentation
VerifiedTrustedCommunity
Align documented voice-command catalogs, endpoint action allowances, and live runtime handlers so operator-visible voice surfaces match what the stack can actually execute. Use when voice command docs, parser matrices, endpoint permissions, or runtime action routing drift apart.
2SKILL.mdUpdated Apr 22, 2026
grtninja/skillhub-trend-radar
development
VerifiedTrustedCommunity
Track SkillHub trend and topic drift, maintain a bounded rewrite watchlist, and surface emerging gaps worth turning into repo-owned skills. Use when the marketplace query set shows new families or when the current shortlist has gone stale.
2SKILL.mdUpdated Apr 22, 2026