Li Feishu Audio
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill’s Feishu voice purpose is coherent, but its implementation has review-worthy issues: possible local code execution from TTS text, Feishu secret exposure in install output, and under-disclosed logging of message content.
Review and patch the TTS script before installing, avoid running the installer where console output is logged, redact or rotate Feishu secrets if they were printed, and make sure message/transcript logging is acceptable for your Feishu workspace.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A specially crafted message or AI reply sent to the TTS script could run unintended Python code on the machine running OpenClaw.
The script inserts user/agent-provided TTS text and output path directly into a Python here-document instead of passing them as safely quoted arguments or JSON. Text containing Python string terminators could alter the generated Python code.
TEXT = """$TEXT"""
OUTPUT = "$OUTPUT"
Do not use this script until it passes text as an argument, environment variable, stdin, or JSON-encoded value; quote the here-document delimiter or avoid generating Python source from untrusted text.
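A hardened form of the fragment above, added here as an example (it is not the skill's own code): the text and output path reach Python through environment variables and the here-document delimiter is quoted, so neither the shell nor Python ever parses message text as source. It assumes python3 on PATH and uses a plain file write as a stand-in for the edge-tts synthesis step.

```shell
#!/usr/bin/env bash
# Added example, not the skill's own code. Assumes python3 on PATH.
set -eu

synth_tts() {
    local text="$1" output="$2"
    # Values travel in the environment, never spliced into Python source.
    # The quoted 'PY' delimiter stops the shell expanding the here-document.
    TTS_TEXT="$text" TTS_OUTPUT="$output" python3 - <<'PY'
import os
text = os.environ["TTS_TEXT"]      # arbitrary text, never evaluated as code
output = os.environ["TTS_OUTPUT"]
# Stand-in for the edge-tts call: a real script would synthesize audio here.
with open(output, "w", encoding="utf-8") as f:
    f.write(text)
PY
}

# Returns 0 when the text round-trips unchanged through the helper,
# including text full of Python string terminators or shell metacharacters.
roundtrip_ok() {
    local text="$1" out rc
    out="$(mktemp)"
    synth_tts "$text" "$out"
    if [ "$(cat "$out")" = "$text" ]; then rc=0; else rc=1; fi
    rm -f "$out"
    return "$rc"
}
```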
Feishu app secrets may appear in terminal output, captured logs, support transcripts, or CI records.
When Feishu configuration exists in openclaw.json, the installer prints the whole Feishu config object. That object can include appSecret credentials.
FEISHU_CONFIG=$(cat "$OPENCLAW_CONFIG" | jq '.channels.feishu' 2>/dev/null)
...
echo "$FEISHU_CONFIG" | jq .
Redact secrets before printing configuration; verify only that required fields exist, and rotate any Feishu secret that may have been exposed.
Private voice transcripts or chat text could be written to runtime logs without users realizing it.
The handler logs incoming input, message content, and transcribed voice text. This conflicts with the security documentation’s broad claim that the skill does not collect voice content or chat records.
log(f"收到输入: {input_data[:200]}...")
log(f"消息内容: {message}")
...
log(f"识别结果: {text}")
Disable or redact content logging by default, document exactly what is logged, and ensure logs have appropriate retention and access controls.
Installation may fetch newer dependency versions than the documentation implies, making behavior harder to reproduce or audit.
The installer pulls external Python packages without version pins, while SKILL.md documents specific package versions such as faster-whisper==1.2.1 and edge-tts==7.2.7.
uv pip install faster-whisper edge-tts -p "$VENV_DIR"
Pin dependency versions and preferably provide a lockfile or hash-verified requirements file.
If invoked with the wrong recipient or misused by an agent workflow, the bot could send audio messages through the user’s Feishu app.
The script uploads generated audio and sends Feishu messages using bot credentials. This is central to the skill’s purpose, but it is still third-party account mutation authority.
UPLOAD_URL="https://open.feishu.cn/open-apis/im/v1/files"
...
SEND_URL="https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=open_id"
Use least-privilege Feishu app permissions, confirm recipient scope, and require user approval for any non-reply or manually targeted sends.
