Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Feishu Post

v1.1.7

Send rich text post messages with native emoji support and markdown-like formatting to Feishu users or chats using Feishu Post content structure.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description match the code: send.js, markdown parser, emoji map, and API calls implement Feishu Post messages. However, the skill does not declare any required environment variables/credentials even though it depends on a separate feishu-common module (mentioned in SKILL.md) which would be the component that holds Feishu API credentials. The relative dependency (utils/feishu-client.js attempts to require '../../feishu-common/index.js') is unusual and means the skill expects a local sibling module to provide authentication rather than declaring its own credentials.
Instruction Scope
SKILL.md scopes the skill to sending posts and mentions installing feishu-common first. The runtime instructions and code only call Feishu endpoints (open.feishu.cn) and read message text from either --text or a provided --text-file. Caveats: the CLI writes a temp file to /tmp when given --text (expected but notable), send.js can read arbitrary file paths supplied via --text-file (user-supplied path), and debug_msg.js contains explicit code to fetch specific message IDs from the Feishu IM API (this debug script could be used to retrieve messages if run with valid credentials). There are no instructions that ask the agent to read unrelated system files or exfiltrate data to unexpected endpoints, but the presence of debug_msg.js and the ability to supply arbitrary file paths increases the blast radius if credentials are present.
Install Mechanism
This is listed as instruction-only (no formal install spec). The package.json and package-lock.json show Node dependencies (e.g., @larksuiteoapi/node-sdk, dotenv) that would typically require npm/yarn install to run. There is no packaged install step described in SKILL.md, which may mislead users into thinking no installation is necessary. No high-risk external download URLs or extract steps were found in the provided manifest.
Credentials
The skill declares no required env vars, but sending messages to Feishu requires authentication. The skill delegates auth to a separate local module 'feishu-common' (loaded via a relative path), which will likely require Feishu credentials (app_id/app_secret or tokens). Because this skill does not declare those credential requirements, users may not realize that installing/using it will grant the code access to Feishu credentials and any permissions those credentials carry. No unrelated credentials are requested, but the omission of explicit credential declarations is a proportionality and transparency concern.
Persistence & Privilege
Flags show the skill is not forced-always and model invocation is enabled (normal). The skill does not request permanent presence or modify other skills' configs. It does try to load a sibling feishu-common module but does not write global config or enable itself automatically.
What to consider before installing
This skill appears to implement Feishu rich-text posts as described, but review these before installing or running:
1) Authentication: the skill expects a local feishu-common module to supply Feishu credentials (loaded via a relative path). Installing or running it with that module will grant this code access to your Feishu API tokens; confirm what feishu-common does and where credentials are stored.
2) Missing disclosures: the skill metadata does not list required env vars (credentials) or an install step (npm install). Expect to run npm install and to provide Feishu credentials elsewhere.
3) Debug and file access: debug_msg.js contains API calls that fetch message data (would expose message contents if run with credentials). The CLI can read any file path passed with --text-file, and it writes temporary files to /tmp when using --text; avoid passing sensitive file paths.
4) Practical advice: inspect the feishu-common code before use, avoid running debug_msg.js in a live credentialed environment, run the tool in an isolated environment, and only grant the minimum Feishu permissions needed.
If you want a safer assessment, provide the feishu-common module (or its manifest) so we can review how credentials are loaded and used and whether any unexpected endpoints or persistence exist.

Like a lobster shell, security has layers — review code before you run it.
