Feishu Card Message
Pass. Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: lark-card-sender
Version: 1.0.0

The OpenClaw AgentSkills skill bundle for sending Feishu cards is classified as benign. The Python and Node.js code primarily focuses on constructing and sending interactive cards via the legitimate Feishu Open API. It correctly retrieves API credentials from environment variables (FEISHU_APP_ID, FEISHU_APP_SECRET), which is standard practice for API authentication. The `install.sh` script performs only benign dependency installation. There is no evidence of data exfiltration, unauthorized command execution, persistence mechanisms, or prompt injection attempts against the AI agent in any of the analyzed files. The Node.js component even explicitly simulates API calls, indicating reliance on the OpenClaw platform's internal messaging tools.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked with real Feishu bot credentials, the agent could post messages into Feishu chats on the user's behalf, including mistakes or unintended bulk notifications.
The skill advertises a raw provider-API path that bypasses OpenClaw built-in limits and can post to both group and private chats. The provided artifacts do not define approval, allowlist, or recipient-scope controls around that messaging authority.
Bypasses OpenClaw's built-in limits and calls the Feishu OpenAPI directly to send professional-grade card messages. ... Group chat / private chat support
Require explicit user confirmation of recipient, content, and batch size before sending; restrict allowed receive_id/chat_id values; and document the exact safety controls that replace the bypassed built-in limits.
Users must trust the skill with Feishu bot app credentials that can send messages within the app's permitted scope.
The code uses Feishu app credentials to obtain a tenant access token, while the registry metadata declares no required environment variables or primary credential. This is purpose-aligned but under-declared.
self.app_id = app_id or os.getenv("FEISHU_APP_ID")
self.app_secret = app_secret or os.getenv("FEISHU_APP_SECRET")
Declare FEISHU_APP_ID and FEISHU_APP_SECRET in metadata, use a least-privilege Feishu app limited to intended recipients, and rotate the secret if it is ever exposed.
A user may run local setup steps that were not visible from the registry's install contract.
The README instructs users to run an install script even though the registry says there is no install spec. This may be benign setup, but users should inspect install-time actions because they are not represented in the install metadata.
# Run the install script
./scripts/install.sh
Publish an explicit install spec or document exactly what scripts/install.sh does, including dependencies and file changes.
Accidentally running example or test code could send a test card to an unintended Feishu recipient.
The test function includes a hardcoded Feishu open_id as a message recipient. The provided snippet does not prove automatic execution, but running tests with real credentials could send messages to a fixed account instead of a user-chosen target.
receive_id="ou_7a6d94f4f20cf166aa429d75fe09cc95"
Replace hardcoded recipient IDs with placeholders or require the recipient to be supplied explicitly at runtime.
