Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Feishu Doc
v1.2.7
Fetch content from Feishu (Lark) Wiki, Docs, Sheets, and Bitable. Automatically resolves Wiki URLs to real entities and converts content to Markdown.
⭐ 8 · 7.9k · 269 current · 284 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name and description describe a Feishu (Lark) reader/writer, which would legitimately need Feishu app credentials and a Node runtime. However, the registry metadata declares no required environment variables or binaries, which contradicts SKILL.md and the source (both reference FEISHU_APP_ID / FEISHU_APP_SECRET and the @larksuiteoapi Node SDK). The package also ships large cache files containing Feishu document content (including internal wiki links and temporary download URLs); bundling cached workspace data with what is presented as a simple fetch/convert utility is unexpected and raises data-leak concerns.
Instruction Scope
SKILL.md instructs the agent to use a ../feishu-common dependency and to set FEISHU_APP_ID/FEISHU_APP_SECRET or config.json, but the registry metadata omits these environment requirements. The instructions are otherwise scoped to reading, creating, and updating Feishu docs. The codebase includes many cached documents (full content) and loads ../common/env; referencing a parent-sibling shared module that is not included in the package is fragile and could cause the runtime to load unexpected local modules if the execution environment differs from the author's. Because of the large caches of external documents, the package itself contains potentially sensitive document content that the skill will read and serve.
Install Mechanism
No install spec is provided (instruction-only in metadata), yet a full Node project is included (package.json, package-lock.json, many .js files). This mismatch means the skill will rely on the runtime having Node and dependencies installed. The code imports @larksuiteoapi/node-sdk and '../common/env'; no external binary install is declared. That lack of clarity is a packaging/integrity concern but not direct evidence of malicious install behavior.
Credentials
SKILL.md and README explicitly require FEISHU_APP_ID and FEISHU_APP_SECRET (and the code references process.env.FEISHU_APP_ID/SECRET), but the registry metadata lists no required environment variables. That inconsistency should be treated as suspicious. The bundle also already contains cached document contents and temporary download URLs; the packaged cache means the skill carries external data before it is ever given credentials. That is separate from the credential request itself, but it increases the sensitivity of what the skill can access or expose.
Persistence & Privilege
always:false (normal). The package writes/contains a cache/ directory and expects a config.json; it will persist caches and possibly tokens locally. That persistence is reasonable for a fetch/cache tool, but shipped caches with real document content increase the blast radius if the skill is granted credentials or is run in a sensitive environment. The skill does not claim to modify other skills or system-wide configs.
Scan Findings in Context
[base64-block] unexpected: The scanner flagged base64-encoded blocks/patterns (the repository uses base64-encoded filenames for cached URLs). While base64 is sometimes used legitimately for caching/encoding, the scan flagged it in the SKILL.md context as a possible prompt-injection or obfuscation indicator; combined with the large cached content, this warrants extra scrutiny.
What to consider before installing
Do not give this skill your FEISHU_APP_ID or FEISHU_APP_SECRET until you verify its origin and code. Actionable steps:
- Confirm publisher identity and a homepage or repo; the 'Source: unknown' and no homepage are red flags.
- Review index.js and lib/auth.js before running; verify there are no undocumented outbound endpoints (other than open.feishu.cn) or telemetry. Pay attention to any code that posts data to non-Feishu URLs.
- Remove or examine the cache/ files: the package includes many cached Feishu docs (some large). Those caches may contain sensitive organizational data — decide whether you want those files bundled in the skill at all.
- Ensure you only install 'feishu-common' from a trusted source; the skill depends on ../feishu-common and ../common/env, both resolved relative to the skill's install location, so a different parent directory changes which code is actually loaded at runtime.
- If you proceed, run the skill in an isolated environment (sandbox/container) and monitor network traffic the first time it runs.
- If you cannot audit the code (index.js and all lib/*.js), prefer an officially published Feishu integration or a skill with clear dependency and credential declarations.
Confidence note: medium. The package appears to implement the claimed Feishu features, but the mismatches between the metadata and the code/README, together with the bundled cached documents and base64-encoded filenames, make the package suspicious and worth manual review before trusting it or entering credentials.