ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

快速部署飞书的多个Bot军团,只需要在飞书配置好机器人,然后就可以马上创建并联动

v1.0.0

OpenClaw 多 Bot 多 Agent 一键搭建技能。根据用户提供的 Bot 名称、职能、模型和飞书凭证,自动完成 Agent 创建、账号配置、路由绑定和验证测试全流程。

2· 233·0 current·0 all-time
by@bacon-123
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Skill claims to create OpenClaw agents and bind Feishu bots; the SKILL.md only uses OpenClaw CLI commands (agents add, channels add, config set, agents bind, gateway restart) and operates on OpenClaw config and workspace paths — these are coherent and necessary for the stated task.
Instruction Scope
Instructions remain within deployment scope (backup config, create agent, set Feishu appId/appSecret, bind route, restart and verify). Minor issues: credentials (appSecret) are placed into OpenClaw config (may be stored plaintext depending on OpenClaw), and examples mix ~/.openclaw and /root/.openclaw which could cause permission surprises if run as non-root or root. The workflow also implies sending test messages to Feishu (expected for validation) which involves network activity to the third-party platform.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is downloaded or written by the skill itself beyond the CLI commands it instructs the agent to run. Lower install risk.
Credentials
The skill asks the user to provide Feishu appId/appSecret (sensible for this purpose) but declares no environment variables because these are expected as direct inputs. Storing appSecret into openclaw config may be necessary but is sensitive; the skill does not require unrelated credentials or system secrets.
Persistence & Privilege
always is false and there is no install-time persistence. The skill modifies only OpenClaw configuration and workspaces as part of its intended function; it does not attempt to alter other skills or global agent settings.
Assessment
This skill appears to do exactly what it says: it runs OpenClaw CLI commands to create agents and configure Feishu accounts. Before running it, ensure: (1) you have the openclaw CLI installed and tested; (2) you understand where credentials will be stored — appSecret will be written into OpenClaw config (check whether openclaw.json stores it encrypted or plaintext); (3) pick the correct home/workspace paths (the doc mixes ~/.openclaw and /root/.openclaw) and run with an account that has appropriate filesystem permissions; (4) restrict the Feishu app permissions to the minimum necessary and rotate appSecret if exposed; (5) test in a staging environment first (don't paste appSecret in public chats). If you need the skill to avoid storing secrets in config, request a version that uses an external secret store or prompts for ephemeral tokens instead.

Like a lobster shell, security has layers — review code before you run it.

latestvk9703wy36vqa1rcjwdf40b6g7h82r2vh

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments