feishu-agents
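v1.0.0
Bind a Feishu bot to an Agent. The user sends an App ID and App Secret, and the Feishu account is automatically configured and bound to the specified Agent. Used for: (1) the user provides an App ID and App Secret; (2) creating or selecting the Agent to bind; (3) automatically configuring openclaw.json and restarting the Gateway.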
by OpenAix @aigcpro
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the actions in SKILL.md: collecting App ID/App Secret, creating/selecting an Agent, writing channels.feishu.* config keys, binding the agent, and restarting the gateway. No unrelated permissions, binaries, or external services are requested.
Instruction Scope
Instructions are narrowly scoped to openclaw CLI operations (agents add/list/bind, config set, gateway restart, channels status). They do require collecting sensitive credentials (App Secret) and writing them into openclaw.json via CLI, but they do not instruct the agent to read unrelated system files or exfiltrate data to external endpoints.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is downloaded or written by the skill itself. This is the lowest-risk install posture.
Credentials
No environment variables or external credentials are declared, which is consistent. The skill does ask the user to provide an App Secret (expected for this task). Risk: the guidance implies storing App Secret in openclaw.json (likely plaintext) — that is sensitivity-proportional but carries storage/exposure concerns that the SKILL.md does not address.
Persistence & Privilege
The workflow modifies agent configuration (openclaw.json) and restarts the Gateway — both are privileged, system-impacting operations. The skill is not marked always:true, but because model-invocation is enabled by default, an agent could autonomously run these CLI commands if invoked. The actions are coherent with the purpose but are high-impact and warrant explicit user confirmation and safe handling of secrets/backups.
Assessment
This skill appears to do what it says: it asks for an App ID and App Secret and runs openclaw CLI commands to add the account, set config keys, bind the Agent, and restart the Gateway. Before installing or using it: (1) be aware you will give it an App Secret — treat that as sensitive and only provide it in a secure session; (2) back up openclaw.json before making changes, and verify how openclaw stores secrets (it may be plaintext); (3) confirm the agent will prompt you for explicit confirmation before running CLI commands that change config or restart services (to avoid accidental/autonomous execution); (4) rotate the App Secret after testing if you are unsure about storage; (5) ensure the Feishu app has only the minimal permissions required. If you need the skill to be stricter, request that it explicitly ask for confirmation before making changes and that it documents where credentials are stored.
Like a lobster shell, security has layers — review code before you run it.
