Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Add 飞书 bot
v1.0.0 · Quickly create, delete and manage 飞书 bots; supports configuring App ID, App Secret and model, and automatically updates the related configuration and directory structure.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
The scripts' actions (create agent directories, update /home/admin/.openclaw/openclaw.json, add 飞书 account entries) match the skill's stated purpose of managing 飞书/OpenClaw agents. Minor inconsistencies: the agent model is written as 'dashscope-coding/<model>' in the script while SKILL.md references plain model names (e.g., glm-5), and a hard-coded binding peer id ('oc_b34e7d612305f015d0a9a061fef1dec3') is added without explanation.
Instruction Scope
SKILL.md and scripts explicitly read and write the OpenClaw configuration and create workspace files—this is in-scope for agent creation. The scripts store app-secret values directly into openclaw.json and assume certain config structure (channels.feishu.accounts, agents.list, bindings, tools.agentToAgent.allow) exist; there is no validation or backup step. No external network endpoints are contacted by the scripts themselves.
Install Mechanism
There is no install spec (instruction-only), which lowers distribution risk. However, the bundled scripts invoke 'node' for JSON manipulation but the skill metadata and SKILL.md do not declare node as a required binary or dependency—this is a mismatch that may cause failures or unexpected behavior when run.
Credentials
The skill requests no environment variables and takes App ID/App Secret as runtime parameters (which is appropriate). However, it then writes those secrets in plaintext into /home/admin/.openclaw/openclaw.json. There is no declaration about where secrets are stored or whether they are encrypted, and no credentials unrelated to the purpose are requested.
Persistence & Privilege
The scripts modify system configuration (/home/admin/.openclaw/openclaw.json) and create directories under /home/admin/.openclaw — expected for this purpose. Concern: the skill injects a hard-coded binding that targets a specific peer id (oc_b34e7d6...), which effectively auto-binds new agents to that peer; this could be unwanted or a misconfiguration and should be reviewed. The skill does not request 'always: true' and does not autonomously persist beyond updating config and files.
What to consider before installing
This skill appears to implement agent creation/listing/deletion as described, but check these before using it:
- Ensure 'node' is installed on the target system (scripts call node) or the scripts will fail. The skill metadata does not declare this dependency.
- Backup /home/admin/.openclaw/openclaw.json before running the scripts; they overwrite portions of the config without validation or backups and could corrupt your config if the file structure differs.
- Be aware App Secret values you supply are written in plaintext into openclaw.json. If you need secrecy, verify how your OpenClaw deployment handles secrets or modify the script to store secrets securely.
- Inspect the hard-coded binding peer id (oc_b34e7d612305f015d0a9a061fef1dec3) and the 'dashscope-coding/' model prefix added by the script — confirm these are intended for your environment. If not, edit the script to avoid auto-binding to an external/unknown peer or to use a configurable value.
- Prefer running this first in a staging/non-production environment to confirm behavior and to avoid accidentally exposing credentials or binding agents to unintended groups.
Given these mismatches and the plaintext handling of secrets, proceed only after review and possible modifications; the issues look like sloppy engineering rather than clear malicious intent, hence 'suspicious'.
Like a lobster shell, security has layers — review code before you run it.
