Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Feishu Bot Full Setup
v1.0.0
Creates a Feishu enterprise custom-built bot and completes the full workflow: permission import, event subscription, card callbacks and version release. Intended for creating Feishu bots or Feishu app bots, or for automating the bot-creation process on the Feishu Open Platform.
⭐ 0· 54·0 current·0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
The name and description (create a Feishu enterprise bot and complete its setup lifecycle) align with the included script and permission list. Use of browser automation (Playwright), QR login, and requesting app_id/app_secret is expected for this workflow.
Instruction Scope
SKILL.md tells the agent to run the bundled Python script and to retrieve the QR PNG and the returned JSON (app_id/app_secret). The instructions do not clearly warn that the script will attempt to install Python packages, download bootstrap scripts and browser binaries, or run package-manager commands. The script writes files under /tmp and a profile directory and prints the app_secret to stdout. All of this is within the skill's operational scope, but it is sensitive and potentially surprising if the user expected a dry-run or read-only helper.
Install Mechanism
There is no platform install spec, but the script will perform network installs at runtime: it downloads get-pip.py from bootstrap.pypa.io, installs Python packages (playwright, etc.), and triggers Playwright/browser binary downloads (or uses system browser). It may also attempt apt/yum/dnf installs of system libraries. Network downloads and package-manager usage are legitimate for Playwright but increase risk (unexpected external code and binary fetches).
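Because there is no install spec, the only way to see these runtime installs before they happen is to read the bundled script. The following audit is an added example, not part of the skill or of ClawHub's scanner: it greps a script's source for the behaviours the scan report lists (get-pip.py bootstrap, pip installs, Playwright browser downloads, apt/yum/dnf calls, secrets printed to stdout, remote fetches) and reports each hit with its line number. The regex rules and the SAMPLE_SCRIPT it runs over are constructed for illustration; point audit_file at the real script to check it.

```python
"""Pre-install audit of a skill script for runtime installs and secret output.

Added example; not code from the skill or from ClawHub. The rules are simple
heuristics chosen to mirror the scan report, and SAMPLE_SCRIPT is constructed.
"""
import re
from pathlib import Path

# (finding label, pattern). Patterns tolerate both shell strings
# ("pip install x") and subprocess list form ("-m", "pip", "install").
RULES = [
    ("downloads get-pip.py from bootstrap.pypa.io",
     re.compile(r"bootstrap\.pypa\.io|get-pip\.py")),
    ("installs Python packages at runtime",
     re.compile(r'\bpip3?\b[\s",]*\binstall\b')),
    ("downloads Playwright browser binaries",
     re.compile(r'\bplaywright\b[\s",]*\binstall\b')),
    ("invokes a system package manager (apt/yum/dnf)",
     re.compile(r'\b(apt(-get)?|yum|dnf)\b[\s",]*(-y[\s",]*)?\binstall\b')),
    ("prints a secret-looking field to stdout",
     re.compile(r"(print|dumps|write)\(.*(secret|token|password)", re.IGNORECASE)),
    ("fetches a remote URL at runtime",
     re.compile(r"urlopen\(|requests\.get\(|\bcurl\s|\bwget\s")),
]


def audit_source(source: str) -> list[tuple[int, str, str]]:
    """Return (line_number, label, stripped_line) for every rule a line matches.
    Comment lines are skipped because they are not executed."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith("#"):
            continue
        for label, rx in RULES:
            if rx.search(stripped):
                findings.append((lineno, label, stripped))
    return findings


def audit_file(path: str) -> list[tuple[int, str, str]]:
    """Audit a script on disk (e.g. the skill's bundled Python file)."""
    return audit_source(Path(path).read_text(encoding="utf-8", errors="replace"))


# Constructed sample resembling the behaviours the scan report describes.
SAMPLE_SCRIPT = '''\
import subprocess, sys, json, urllib.request
# bootstrap pip if it is missing
urllib.request.urlopen("https://bootstrap.pypa.io/get-pip.py")
subprocess.run([sys.executable, "-m", "pip", "install", "playwright"], check=True)
subprocess.run(["playwright", "install", "chromium"], check=True)
subprocess.run("sudo apt-get install -y libnss3", shell=True)
app_id, app_secret = "cli_example", "constructed"
print(json.dumps({"app_id": app_id, "app_secret": app_secret}))
'''

if __name__ == "__main__":
    for lineno, label, text in audit_source(SAMPLE_SCRIPT):
        print(f"line {lineno}: {label}\n    {text}")
```

A clean script yields an empty list; anything reported is a behaviour to decide on before letting an agent run the skill. The heuristics are deliberately broad (a URL fetch is flagged even when benign), so treat hits as review prompts rather than verdicts.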
Credentials
The skill does not request external API keys up front and uses QR-based login (avoiding direct credential input), which is appropriate. However the script outputs app_secret on stdout and expects the agent to parse and return it to the user — this exposes a sensitive secret that should be handled carefully. The script honors a number of env vars (PLAYWRIGHT_*, FEISHU_BOT_*) documented in SKILL.md; these are relevant and proportional.
Persistence & Privilege
The skill is not marked always:true and does not claim persistence. It creates local state (profile directory, PID file, QR PNG) under /tmp and may invoke system package managers; these are normal for browser-automation tasks but can be intrusive. SKILL.md does not explicitly call out package-manager or system-level changes that may require elevated privileges.
What to consider before installing
This skill appears to implement what it claims, but it will download and install packages and browser binaries at runtime, may attempt to run apt/yum/dnf to install system libraries, and writes temporary files and a Chrome profile under /tmp. It also prints the created app_secret to stdout, which the agent will parse and return; treat that output as a secret.
Before installing or running:
(1) review the full script locally;
(2) run it in an isolated environment (container or VM) to limit package-manager changes and network exposure;
(3) ensure you are comfortable with automatic downloads from pypa.io and Playwright download hosts;
(4) only allow your agent to forward the app_secret to trusted destinations, and consider rotating the secret after use.
If you need lower-risk operation, consider performing the creation steps manually, or adapt the script to avoid automatic system installs and to store secrets in a secure vault rather than printing them to stdout.
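Step (4) and the closing suggestion can be met without editing the skill at all: wrap the script so its stdout never reaches the agent transcript. The wrapper below is an added example, not code from the skill. It runs a command, parses the last JSON line of its output (the shape the scan report describes: app_id and app_secret), writes app_secret to a 0600 file created with O_EXCL, and returns a redacted summary. The child command FAKE_SCRIPT is a constructed stand-in that prints such JSON; in practice you would pass the real script invocation, and the vault path would be somewhere more permanent than a temp directory.

```python
"""Keep app_secret off stdout: capture the skill script's output and vault the secret.

Added example, not part of the skill. run_and_vault and FAKE_SCRIPT are names
introduced here; FAKE_SCRIPT only imitates the JSON the real script prints.
"""
import json
import os
import stat
import subprocess
import sys
import tempfile
from pathlib import Path


def run_and_vault(cmd: list[str], vault_path: Path) -> dict:
    """Run cmd, store its app_secret in vault_path (mode 0600, never overwritten),
    and return the result JSON with the secret replaced by a pointer."""
    proc = subprocess.run(cmd, capture_output=True, text=True, check=True)
    # The script may print progress lines first; the result JSON is last.
    lines = [ln for ln in proc.stdout.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("script produced no output")
    result = json.loads(lines[-1])
    secret = result.pop("app_secret", None)
    if secret is None:
        raise ValueError("script output did not contain app_secret")
    # O_EXCL refuses to reuse an existing file; 0o600 applies from creation,
    # so there is no window where the secret is readable by other users.
    fd = os.open(vault_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(secret)
    result["app_secret"] = f"<stored in {vault_path}>"
    return result


# Constructed stand-in for the skill script: progress line, then result JSON.
FAKE_SCRIPT = (
    "import json; print('waiting for QR scan...');"
    " print(json.dumps({'app_id': 'cli_example', 'app_secret': 'constructed-secret'}))"
)


def demo(tmpdir: str = "") -> tuple[dict, int]:
    """Run the stand-in under the wrapper; return (redacted result, vault file mode)."""
    tmpdir = tmpdir or tempfile.mkdtemp()
    vault = Path(tmpdir) / "feishu_app_secret"
    summary = run_and_vault([sys.executable, "-c", FAKE_SCRIPT], vault)
    mode = stat.S_IMODE(vault.stat().st_mode)
    return summary, mode


if __name__ == "__main__":
    summary, mode = demo()
    print(json.dumps(summary), oct(mode))
```

The agent only ever sees the redacted summary, so the secret cannot leak through its logs or be forwarded by mistake; whoever needs it reads the vault file directly. Rotating the secret after setup, as suggested above, still applies because the browser session that created it also saw it.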
latest · vk9701vc7ykc1swrtbb06bb2z0h844wcv
Runtime requirements
🤖 Clawdis: any
bin: python3, python
