grtninja/feishu-drive
skill-candidates/feishu-drive/SKILL.md
Browse and manage Feishu Drive folders and files via the feishu_drive tool. Use when listing shared folders, inspecting file metadata, creating folders, moving files, or deleting Drive items the bot can access.
$ install --global
skillsauthnpx skillsauth add grtninja/skill-arbiter feishu-driveInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 22, 2026, 8:15 PM51.9s2 files scanned
SKILL.md
- name:
- feishu-drive
- description:
- Browse and manage Feishu Drive folders and files via the feishu_drive tool. Use when listing shared folders, inspecting file metadata, creating folders, moving files, or deleting Drive items the bot can access.
Feishu Drive Tool
Single tool feishu_drive for cloud storage operations across Feishu Drive folders and files.
Workflow
- Extract
folder_tokenfrom a Feishu Drive URL when you are targeting a specific folder. - Start with
listto confirm what the bot can actually access. - Use
infoto inspect a specific file before moving or deleting it. - Apply the minimal file operation needed (
create_folder,move,delete). - Re-list the target folder to verify the result.
From URL https://xxx.feishu.cn/drive/folder/ABC123 -> folder_token = ABC123
Actions Summary
| Action | Description |
| ------ | ----------- |
| list | List root or folder contents |
| info | Get file metadata by token and type |
| create_folder | Create a folder at root or inside a parent folder |
| move | Move a file into a target folder |
| delete | Delete a file or Drive item by token and type |
File Types
| Type | Description |
| ---------- | ----------------------- |
| doc | Old format document |
| docx | New format document |
| sheet | Spreadsheet |
| bitable | Multi-dimensional table |
| folder | Folder |
| file | Uploaded file |
| mindnote | Mind map |
| shortcut | Shortcut |
Key Constraints
info,move, anddeleterequire the correcttypefor the target object.infodoes not recursively search Drive; browse withlistfirst when the location is uncertain.- Bots do not have a normal user root folder. Shared folder access is the practical starting point for most bot workflows.
Configuration
channels:
feishu:
tools:
drive: true # default: true
Required permissions:
drive:drive- Full access (create, move, delete)drive:drive:readonly- Read only (list, info)
Known Limitations
- Bots have no root folder: Feishu bots use
tenant_access_tokenand don't have their own "My Space". The root folder concept only exists for user accounts. This means:create_folderwithoutfolder_tokenwill fail (400 error)- Bot can only access files/folders that have been shared with it
- Workaround: User must first create a folder manually and share it with the bot, then bot can create subfolders inside it
Guardrails
- Use local or trusted tools only; avoid untrusted install pipelines.
- Do not paste secrets/tokens into chat output.
- Keep outputs in deterministic local paths for reproducible review.
Related Skills
grtninja/white-hat
tools
VerifiedTrustedCommunity
Run a defender-first security sweep on code, configs, prompts, model/tooling surfaces, or third-party contribution lanes. Use when a request involves safe bug, leak, zero-day-class, exploit, or hack hunting for protection, when contributing to outside repositories and you want a focused security pass, or when touching auth, secrets, permissions, network exposure, prompt/tool boundaries, data flow, or update/build surfaces. This skill is defensive only and must never be used for weaponization or unauthorized access.
2SKILL.mdUpdated Apr 22, 2026
grtninja/vrm-sandbox-startup-acceptance
development
VerifiedTrustedCommunity
Validate and repair VRM Sandbox startup acceptance with shim-first local model authority, frontend/backend bring-up, and avatar-runtime launch proof. Use when launch behavior, chat handoff, voice fallback, or runtime bridge acceptance must be verified end to end.
2SKILL.mdUpdated Apr 22, 2026
grtninja/voice-catalog-runtime-alignment
documentation
VerifiedTrustedCommunity
Align documented voice-command catalogs, endpoint action allowances, and live runtime handlers so operator-visible voice surfaces match what the stack can actually execute. Use when voice command docs, parser matrices, endpoint permissions, or runtime action routing drift apart.
2SKILL.mdUpdated Apr 22, 2026
grtninja/skillhub-trend-radar
development
VerifiedTrustedCommunity
Track SkillHub trend and topic drift, maintain a bounded rewrite watchlist, and surface emerging gaps worth turning into repo-owned skills. Use when the marketplace query set shows new families or when the current shortlist has gone stale.
2SKILL.mdUpdated Apr 22, 2026