Add Feishu Bot
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill matches its stated Feishu-agent purpose, but its scripts make high-impact OpenClaw changes with unsafe input handling, hardcoded routing, and broad agent-to-agent access.
Only install this if you trust the maintainer and are comfortable with it directly editing your OpenClaw configuration. Before use, patch the scripts to validate agent IDs, remove the hardcoded Feishu group ID, avoid node -e string interpolation, back up /home/admin/.openclaw/openclaw.json, and explicitly review Feishu credentials and agent-to-agent permissions.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malformed or malicious agent name, ID, model, App ID, or App Secret could cause local code execution or corrupt the OpenClaw configuration.
User-supplied arguments are interpolated directly into JavaScript source passed to node -e. Quotes or crafted values can break out of the string and execute unintended Node code.
node -e "... const agentId = '$AGENT_ID'; ... const appSecret = '$APP_SECRET'; ..."
Do not pass raw shell variables into node -e. Validate identifiers with a strict regex, pass values through argv or environment variables, and JSON-encode values before writing config.
Deleting an agent could remove more local data than intended if the ID is malformed or attacker-controlled.
The script uses an unvalidated agent-id in recursive delete paths. Because slashes or '..' are not rejected, a crafted ID can target unintended directories.
rm -rf "$AGENTS_DIR/$AGENT_ID"
rm -rf "$WORKSPACE_BASE/workspace-$AGENT_ID"
Reject path separators and traversal sequences, canonicalize paths before deleting, require the resolved path to stay under the intended OpenClaw directory, and back up config before mutation.
A newly created bot may be connected to an unexpected Feishu group or account scope, and its secret is written into the main OpenClaw config.
The script stores Feishu credentials, enables the account, and binds every new agent to one hardcoded Feishu group ID instead of requiring the user to choose or confirm the target peer.
config.channels.feishu.accounts[agentId] = { appId: appId, appSecret: appSecret, domain: 'feishu', enabled: true };
...
id: 'oc_b34e7d612305f015d0a9a061fef1dec3'
Make the Feishu group/peer ID an explicit user-supplied parameter, confirm it before writing config, document where secrets are stored, and avoid enabling accounts until the user reviews the binding.
A newly created bot may gain access to inter-agent communication paths that expose information or influence other agents beyond what the user expected.
Each created Feishu agent is automatically added to the agent-to-agent allow list, with no artifact evidence of scoped peers, actions, or data boundaries.
config.tools.agentToAgent.allow.push(agentId);
Do not grant agent-to-agent access by default. Ask the user to opt in, specify allowed peers/actions, and document what data can move between agents.
Future agent sessions may reuse information saved in the generated workspace.
The created workspace includes persistent memory files. This is aligned with creating a long-lived agent, but it affects retention of user and conversation context.
- **Daily notes:** `memory/YYYY-MM-DD.md` — raw logs of what happened
- **Long-term:** `MEMORY.md` — your curated memories
Review the generated workspace files, decide what may be stored, and periodically clear or restrict memory files if they contain sensitive information.
