Quickly deploy a legion of multiple Feishu bots: just configure the bots in Feishu, and you can then create and link them right away.

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill is coherent for deploying Feishu bots, but it can automatically make persistent OpenClaw agent, routing, gateway, and credential changes with limited scoping or rollback guidance.

Install only if you are comfortable letting the agent modify OpenClaw agents, Feishu channel accounts, route bindings, and gateway state. Before running it, confirm the exact bot list, credentials, model IDs, and bindings; keep the backup; use least-privilege Feishu app permissions; and ask for a dry run or manual confirmation before changes are applied.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If invoked incorrectly, the agent could change OpenClaw agent, channel, route, or gateway configuration beyond the intended bot setup.

Why it was flagged

The skill grants broad access to the OpenClaw CLI, not just the specific subcommands needed for this workflow.

Skill content

allowed-tools: Bash(openclaw:*), Bash(cp:*), Bash(date:*), Bash(mkdir:*)

Recommendation

Limit allowed tools to the exact OpenClaw subcommands needed, add a dry-run summary, require user confirmation before applying changes, and document a rollback procedure.

What this means

A mistaken bot name, model, account, or route could persist in OpenClaw and affect message routing or service availability.

Why it was flagged

The documented default flow performs non-interactive persistent configuration mutations and restarts the gateway.

Skill content

openclaw agents add <agent-id> ... --non-interactive
...
openclaw config set "channels.feishu.accounts.<agent-id>.appSecret" "<appSecret>"
...
openclaw gateway restart

Recommendation

Show the exact commands and affected configuration first, require approval before execution, and provide tested undo steps for removing the agent, channel account, binding, and backup.

What this means

Anyone with access to the conversation or resulting OpenClaw configuration may be able to see or misuse the Feishu app credentials.

Why it was flagged

The skill asks the user to provide Feishu credentials and writes the app secret into OpenClaw configuration. This is purpose-aligned but sensitive.

Skill content

appId: <飞书 App ID>
appSecret: <飞书 App Secret>
...
openclaw config set "channels.feishu.accounts.<agent-id>.appSecret" "<appSecret>"

Recommendation

Use least-privilege Feishu app permissions, avoid pasting production secrets where possible, prefer a secure credential store if OpenClaw supports one, and rotate the secret after testing if exposure is a concern.

What this means

A bad binding or restart at the wrong time could interrupt or misroute existing bot traffic.

Why it was flagged

Route binding and gateway restart can affect how messages are delivered across the OpenClaw gateway, not just the new bot.

Skill content

openclaw agents bind --agent <agent-id> --bind "feishu:<agent-id>"

openclaw gateway restart

Recommendation

Run this during a maintenance window for shared deployments, verify existing bindings before changes, and keep the generated backup available for restore.

What this means

New bot agents may continue responding through Feishu until they are disabled or removed.

Why it was flagged

The core purpose is to create persistent agents and bot accounts. This is disclosed and purpose-aligned, but users should recognize that the agents remain after the skill run.

Skill content

One-click creation of a multi-bot, multi-agent configuration
...
openclaw agents add <agent-id>

Recommendation

Track each created agent and channel account, and add explicit cleanup instructions for disabling or deleting bots that are no longer needed.