Skill v1.0.0
ClawScan security
Feishu Task Manager · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 22, 2026, 1:01 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions describe a Feishu integration that legitimately needs an App ID and App Secret, but the package metadata does not declare any required credentials or configuration details, and there are small but meaningful naming/installation inconsistencies; this mismatch warrants caution.
- Guidance: This skill appears to do what it claims (use Feishu task APIs), but the metadata is sloppy about credentials and naming. Before installing: (1) ask the author which exact config keys or env var names the skill reads (e.g., FEISHU_APP_ID, FEISHU_APP_SECRET) and whether those are stored or transmitted anywhere; (2) prefer supplying the minimal API permissions the app needs and keep the app unpublished/internally scoped until you trust it; (3) confirm the correct ClawHub package name (feishu-task vs feishu-task-mgr) so you install the intended package; (4) if possible, test with a low-privilege Feishu app and monitor API usage for unexpected endpoints; and (5) avoid installing if you cannot get clear answers about where credentials are read/stored. If the maintainer can update the registry metadata to declare required env vars and the primary credential, that would resolve the main coherence concern.
Review Dimensions
- Purpose & Capability
- concern: The SKILL.md and readme describe a straightforward Feishu (Lark) Task API integration (create/list/complete/comment tasks) which legitimately requires Feishu app credentials. However, the registry metadata lists no required environment variables or primary credential. The readme/skill also reference installing 'feishu-task' while the registry slug is 'feishu-task-mgr', a name mismatch that reduces confidence in the package metadata.
- Instruction Scope
- note: Runtime instructions are limited to calling Feishu Task API endpoints and standard task operations (no instructions to read arbitrary system files or exfiltrate data). However, the configuration guidance is vague: it tells the user to "configure the credentials in your OpenClaw config" without naming the exact env var keys or where/how they are stored, which grants ambiguous freedom and could mask improper handling of secrets.
- Install Mechanism
- ok: This is an instruction-only skill with no install spec and no code files, so nothing is written to disk by an installer. That limits the attack surface compared with a skill that downloads or installs code.
- Credentials
- concern: The skill clearly requires a Feishu App ID and App Secret (both mentioned in readme/SKILL.md), but the registry metadata declares no required env vars or primary credential. Absence of declared credentials is an incoherence: the skill will need secrets to operate, but the metadata provides no guidance about what keys will be read, how they'll be stored, or which permission scope is primary.
- Persistence & Privilege
- ok: The skill does not request always:true, has no install hooks, and is user-invocable. There is no indication it attempts to modify other skills or system-wide settings.
