Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Feishu Send
v1.2.0飞书发送图片/文件/语音。用 curl 调用飞书 API 发送,比 message 工具更可靠。用于需要发送图片、文件、语音到飞书时触发。
⭐ 0· 168·2 current·2 all-time
by@axelhu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The skill claims only Feishu send functionality, which is consistent with the curl calls. However the metadata declares no required config paths or env vars while the runtime instructions explicitly read $HOME/.openclaw/openclaw.json for appId/appSecret and expect AGENT_NAME; that mismatch (undeclared config access and env usage) is disproportionate to the manifest.
Instruction Scope
SKILL.md instructs the agent to read ~/.openclaw/openclaw.json (potentially exposing other stored channel credentials), to use AGENT_NAME (env var) with a fallback to 'main', and to invoke external HTTP endpoints. Reading a local agent config is outside a minimal 'send via Feishu' description unless explicitly declared; fallback to main increases risk of using unrelated credentials.
Install Mechanism
This is an instruction-only skill (no install spec), which is low-risk in itself. However the runtime requires curl and python3 (used in the provided shell snippets) but the registry metadata did not declare required binaries — an omission that should be corrected.
Credentials
Although the skill legitimately needs Feishu app_id/app_secret, those are obtained by reading a local openclaw.json file rather than declaring a specific credential input. The skill also uses AGENT_NAME env var (not declared). Accessing a general config file may expose multiple accounts; the fallback-to-main behavior can cause unintended use of broader credentials.
Persistence & Privilege
The skill does not request permanent presence (always:false), does not modify other skills or system-wide settings, and has no install steps that write code to disk. Autonomous invocation is allowed by platform default but is not combined here with other privilege escalations.
What to consider before installing
This skill appears to do what it says, but it reads your OpenClaw agent config (~/.openclaw/openclaw.json) and expects an AGENT_NAME env var even though the registry metadata doesn't declare these requirements. Before installing or enabling it: (1) inspect ~/.openclaw/openclaw.json to see what credentials would be accessible and whether using the 'main' fallback could expose unrelated app secrets; (2) set AGENT_NAME explicitly to avoid accidental use of the main account; (3) run the snippets in a safe/test environment to confirm behavior; (4) ask the publisher to update metadata to declare required config paths and binaries (curl, python3) and to remove or make explicit the fallback-to-main behavior; (5) if you cannot verify the config contents, avoid granting this skill access to your production environment.Like a lobster shell, security has layers — review code before you run it.
latestvk976mbz1zcp94qsaetbnc8twnx83ff6e
License
MIT-0
Free to use, modify, and redistribute. No attribution required.