Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

feishu-sticker

v1.0.8

Send images as native Feishu stickers with auto-upload, caching by hash, GIF-to-WebP conversion, compression, and keyword-based sticker search.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name/description match the code (uploading and sending images to Feishu). However the published metadata lists no required environment variables or credentials, while the code (send.js) requires FEISHU_APP_ID and FEISHU_APP_SECRET and will exit if they are not present. find.js also contains a hard-coded home path (/home/crishaocredits/...) instead of a generic default, which looks like leftover developer-specific configuration. These discrepancies mean the declared purpose does not match what the code actually needs.
Instruction Scope
SKILL.md describes sticker directory and npm install but does not document the FEISHU_APP_ID/FEISHU_APP_SECRET requirement or the skill's behavior of reading ../../.env and writing token and image-key cache files under a 'memory' path. The code will: read arbitrary files (via --file), create/modify directories (sticker dir, memory cache), delete original GIFs if they are in the sticker dir, and upload chosen files to Feishu. Uploading arbitrary local files is consistent with sending stickers but is also a capability that can be abused to exfiltrate sensitive local files if credentials are provided — this risk is not documented in SKILL.md.
Install Mechanism
There is no remote download URL or installer; dependencies are standard npm packages (commander, dotenv, ffmpeg-static). The package-lock.json points to npm registry packages. The ffmpeg-static dependency runs an install script (normal for that package) and is GPL-licensed; this is expected for GIF->WebP conversion. No high-risk custom download URLs are present.
Credentials
Registry metadata declares no required env vars, but send.js requires FEISHU_APP_ID and FEISHU_APP_SECRET (and loads ../../.env). The code will read environment variables outside what SKILL.md documents and will write token and image-key caches into workspace-level memory paths (e.g., '../../memory/feishu_token.json'). That mismatch is a red flag — credentials are required but not advertised, and the skill will access and persist authentication tokens and caches outside its own directory.
Persistence & Privilege
The skill writes token and image-key caches to a shared 'memory' location (TOKEN_CACHE_FILE '../../memory/feishu_token.json' and an image key cache). It may create or delete files under the user's sticker directory and the memory directory. It does not set always:true and does not modify other skills' configs, but the undocumented read/write of ../../.env and '../../memory' may give it persistent data stored on disk beyond the skill's installation directory — this should be expected and reviewed before use.
What to consider before installing
Key points to consider before installing or running this skill:
- Credentials required but not documented: send.js requires FEISHU_APP_ID and FEISHU_APP_SECRET (loaded via process.env and ../../.env). Do not supply full-privilege production credentials until you audit the code. Prefer a dedicated, limited-permission Feishu app/account.
- Missing/misleading metadata: the skill metadata declares no required env vars, but the code needs FEISHU credentials and will exit without them. Treat the SKILL.md as incomplete.
- File I/O and persistence: the skill reads arbitrary files when you pass --file and will upload them to Feishu (intended behavior for stickers). It also writes token and image_key caches to a 'memory' directory outside the skill folder and may delete original GIFs located inside the sticker directory. Review and, if needed, change those paths to a safe sandbox before use.
- Hard-coded path: find.js has a default STICKER_DIR pointing at /home/crishaocredits/.openclaw/... which is developer-specific; update STICKER_DIR or ensure it points to a directory you control.
- Exfiltration risk: because the skill can upload arbitrary local files, a malicious or careless user-supplied invocation or compromised Feishu credentials could allow uploading sensitive local files. Only run it in a trusted environment and with credentials scoped to the minimum necessary.
- Dependency/licensing: ffmpeg-static is used (GPL-3.0-or-later). That is expected for conversion but be aware of license implications if redistributing.

Actionable steps:
1) Inspect and (optionally) modify send.js: change the .env path and cache locations to directories you control. Remove or review the code that deletes originals.
2) Create a Feishu app with least privilege and set FEISHU_APP_ID/FEISHU_APP_SECRET for that app only.
3) Run the tool in a sandbox/container so its disk writes are contained, and audit network traffic if you are concerned about unintended endpoints.
4) If you intend to publish or share, update SKILL.md and registry metadata to declare required env vars and explain cache file locations and deletion behavior.

If you want, I can point out exact lines to change (cache paths, hard-coded STICKER_DIR, .env location) or produce a safe wrapper that confines its file I/O to a dedicated directory.
