personal-worklist-via-feishu

Pending: VirusTotal audit pending.

Overview

No VirusTotal analysis has been recorded yet. File reputation checks will appear here once the artifact hash has been scanned.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern (High Confidence)
ASI10: Rogue Agents
What this means

The assistant may create recurring reminder jobs that continue running after the initial task, which can keep invoking the agent and interacting with the user’s Feishu worklist.

Why it was flagged

The skill tells the agent that adding or deleting cron jobs is already authorized and does not require confirmation, enabling persistent scheduled behavior without a fresh user approval step.

Skill content
openclaw cron add/delete is already authorized; execute directly without confirmation
Recommendation

Require an explicit user opt-in before creating, changing, running, or deleting cron jobs; show the exact schedule and provide a clear disable/delete command.

Concern (Medium Confidence)
ASI05: Unexpected Code Execution
What this means

If an attacker or prompt-injected workflow can influence the language argument, extra shell syntax could potentially be executed in the local environment.

Why it was flagged

The script builds a shell command using the lang value and executes it. Although intended to run the reminder setup script, the argument is not visibly constrained at this call site.

Skill content
const output = execSync(`node "${scriptPath}" --lang ${lang}`, {
Recommendation

Avoid shell interpolation; use spawn/execFile (or their synchronous variants) with an argument array, and validate lang strictly to zh or en before execution.

What this means

The skill can use the configured Feishu app credentials to read and modify the selected Feishu Bitable according to the scripts.

Why it was flagged

The skill uses local OpenClaw Feishu app credentials to obtain Feishu access, which is expected for this integration but is sensitive account authority.

Skill content
APP_ID and APP_SECRET are read automatically from the OpenClaw configuration (channels.feishu.appId/appSecret)
Recommendation

Declare the Feishu credential/config dependency in metadata and ensure the Feishu app permissions are limited to the intended Bitable operations.

What this means

Accepting setup may alter the target Feishu Bitable by creating tables, fields, options, or task records.

Why it was flagged

The skill can create and update Feishu Bitable tables and fields. This is aligned with the worklist setup purpose but changes cloud data structures.

Skill content
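Functions:
 * 1. Check whether the Bitable exists; if it does not, create it automatically
 * 2. Check whether the required fields exist and whether their types match; if a field is missing or its type does not match, create/update it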
Recommendation

Use it only with the intended Bitable, review the target APP_TOKEN/TABLE_ID, and back up important tables before initialization.