Auto Push System Skill
Warn. Audited by ClawScan on May 10, 2026.
Overview
The skill matches its stated Feishu automation purpose, but it can automatically send the contents of local files named in log entries to a preset Feishu chat and then rename those files, without clear safeguards.
Review carefully before installing. Only use it after setting your own Feishu chat ID, restricting allowed content directories, disabling or reviewing cron jobs, and confirming every external push destination. Do not use it for sensitive documents until the path validation, redaction, and credential declarations are fixed.
Findings (7)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A crafted or mistaken log entry could make the skill push an unintended local file to Feishu.
The monitor trusts CONTENT_READY lines in log files to select a path and invoke the push script; the visible code does not enforce the documented CONTENT_PATHS allowlist.
while IFS= read -r line; do
  ...
  if echo "$line" | grep -q "$CONTENT_SIGNAL"
  ...
  "$(dirname "${BASH_SOURCE[0]}")/push-content.sh" "$path" "$title"
Validate paths against a strict allowlist, require confirmation for new sources, and reject absolute/private paths before invoking the push command.
Your Feishu-authorized account could post content to an unintended chat if the default is not changed.
The generated configuration defaults to a specific Feishu chat while the skill uses the user's OpenClaw/Feishu authorization; registry metadata declares no primary credential or required env vars.
TARGET_CHAT_ID="oc_c133e85bd6eb593e08dcf7aed3a8530b"
Require the user to set TARGET_CHAT_ID during setup, declare the Feishu/OpenClaw credential requirement in metadata, and fail closed if the destination is still a placeholder/default.
Sensitive local content could be disclosed into a Feishu chat as part of an automatic notification.
The script reads up to 1000 lines from a local file and sends it through the OpenClaw Feishu channel, but the artifacts do not define clear data boundaries, redaction, or approval controls.
content=$(head -1000 "$CONTENT_PATH" ...); openclaw message send --channel feishu --target "$TARGET_CHAT_ID" --message "$message"
Add redaction and size/type checks, show the destination and preview before sending, and limit uploads to user-selected content directories.
A wrong path could cause an important file to be renamed after being sent.
After a log-triggered push, the script renames the source file, so a bad trigger can propagate from logs into both external posting and local file mutation.
mv "$CONTENT_PATH" "${CONTENT_PATH}.processed" 2>/dev/null || true
Do not mutate source files by default; use a separate processed-state database and only move files inside a dedicated staging directory.
Once scheduled, the workflow may keep posting without you manually starting each push.
Recurring background monitoring is disclosed and aligned with the skill's purpose, but it is persistent automation that can post externally.
The system runs automatically:
- Scans the log files every 5 minutes
- Detects the `CONTENT_READY` signal
- Creates a Feishu document
- Sends a notification
Make cron setup explicitly opt-in, document how to disable it, and review schedules before enabling automation.
Setup may fail or leave the default configuration in place, including the preset Feishu chat destination.
The README instructs users to run configure.sh, but the provided manifest only includes install.sh and package-skill.sh under scripts, indicating an incomplete or mismatched package.
bash scripts/configure.sh
Provide all referenced helper scripts, align metadata with actual requirements, and avoid publishing incomplete packaging references.
Users may over-trust the workflow for sensitive content based on unsupported security and compliance claims.
The visible implementation is bash scripts that read files, log events, and send Feishu messages; the included artifacts do not show the claimed encryption, compliance, or RBAC controls.
End-to-end encryption ... GDPR/CCPA compliance ready ... Role-based access control
Remove or substantiate these claims, and document the actual privacy model, log contents, credential handling, and data destinations.
