Feishu Api Cache Fix
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: feishu-api-cache-fix Version: 1.0.1 The skill bundle aims to fix a Feishu API rate limit issue by modifying a specific OpenClaw internal file (`probe.ts`) to add a 2-hour cache. The `fix_feishu_cache.sh` script backs up the original file and then overwrites it with new TypeScript code that implements the caching logic. The `SKILL.md` explicitly states the need for `sudo` for this system-level modification. There is no evidence of data exfiltration, malicious execution, persistence, prompt injection attempts against the agent, or obfuscation. All actions are transparent and directly align with the stated purpose of fixing a rate limit issue.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running this can change how OpenClaw’s Feishu integration behaves for the whole installation.
The script directly overwrites an installed OpenClaw extension source file in a protected global path, which is a high-impact tool action with limited containment.
PROBE_FILE="/usr/local/lib/node_modules/openclaw/extensions/feishu/src/probe.ts"
cp "$PROBE_FILE" "${PROBE_FILE}.bak"
cat > "$PROBE_FILE" << 'EOF'Do not run it automatically; inspect the target file, confirm the exact patch, and prefer an official or minimally scoped fix with a documented rollback.
A privileged script can alter system-level OpenClaw files and may be difficult to audit after execution.
The documented usage requires sudo, granting the script elevated privileges to modify protected application files.
sudo bash fix_feishu_cache.sh
Only run with elevated privileges if you fully trust and understand the script; otherwise apply a reviewed patch manually.
Feishu failures or invalid credentials could be hidden, causing later workflows to fail in less obvious ways.
The replacement function affects the shared Feishu probe and returns success without performing the original health or credential check.
export async function probeFeishu(creds) {
const cacheKey = creds?.appId || "no-creds";
...
const result = { ok: true, cached: false };Use a cache that stores the real probe result rather than replacing the probe with an unconditional success response.
Users may believe they are installing a safe performance optimization when they are actually disabling meaningful Feishu probing.
The description frames the change as adding a 2-hour cache, but the included script replaces the probe with a hardcoded successful result rather than just caching real Feishu API responses.
Add 2-hour cache to probe.ts
Treat the description as incomplete; review the code behavior before installing and ask for a version that accurately documents its effects.