Feishu All In One

This skill appears to implement the Feishu features it claims, but check these before installing: - Metadata mismatch: SKILL.md requires FEISHU_APP_ID and FEISHU_APP_SECRET (and shows exporting them), but the registry metadata did not list required env vars — treat SKILL.md as the authoritative runtime requirement. - The scripts read your ~/.openclaw/openclaw.json and current working directory to resolve agent/account bindings. Review that file for any secrets or tokens you don't want the skill to access. - The callback server can POST card callback events to an OpenClaw Gateway URL (OPENCLAW_GATEWAY_URL / OPENCLAW_GATEWAY_TOKEN or config.gateway.*). If you set a gateway token/URL, callback data (card actions) will be forwarded there — only configure this to a gateway you control/trust. - The skill uses network calls to Feishu APIs and (optionally) to the configured Gateway. If you need to audit behavior, run the scripts in an isolated environment and inspect package.json / package-lock.json to verify dependencies. - Faster-whisper installation and transcription can download model artifacts and use significant resources; install that component only if you need voice-to-text. If you accept these behaviors and trust your OpenClaw gateway/config, the skill is coherent with its purpose. If you are unsure about exposing contents of ~/.openclaw/openclaw.json or forwarding callbacks to a remote gateway, do not enable the callback/Gateway integration until you verify the configuration.

These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.