Skill v1.0.2

ClawScan security

feishu-process-feedback · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 10, 2026, 3:23 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's files broadly match its description (background listener, per-task processes, progress feedback), but there are important mismatches and incomplete pieces you should understand before installing.
Guidance
This package provides the processing and feedback engine (spawning per-task Node processes, progress messages, state persistence), but it does not include an implemented Feishu message fetcher: getLatestMessage() is a TODO. Before installing or running:
1) Review and implement secure Feishu integration (decide whether to use OpenClaw's Feishu channel or call the Feishu API directly). If you call the API, store tokens securely and do not hard-code them.
2) Ensure the 'openclaw' CLI is present and the 'feishu' channel is configured (or replace sendFeedback with an API call); the skill uses shell exec to send messages.
3) Audit sendFeedback escaping and test for command-injection edge cases if you keep the exec-string approach; prefer execFile/spawn with an argument array, or direct API calls, to avoid shell injection.
4) Run the skill in a restricted environment first (non-privileged account) and inspect the logs (.listener.log, .tasks.log) and the state file (.listener_state.json) for any sensitive data.
5) Because the listener currently won't receive messages out of the box, treat this as a template that requires developer work before it can be used safely and effectively.

Review Dimensions

Purpose & Capability (note)
The skill claims to listen to Feishu messages and auto-process tasks. The code implements process management, progress reporting, and sending feedback (via the 'openclaw message send' CLI), but the listener's getLatestMessage() is a stub (returns null) and only includes a TODO to integrate the Feishu API. In other words: the progress/processing plumbing exists, but the actual message-fetching integration is not implemented and requires the user to add Feishu API logic or rely on external OpenClaw channel configuration.
Instruction Scope (note)
SKILL.md instructs running the listener as a background service and editing scripts/listener.js to integrate the Feishu API. The runtime instructions do not ask the agent to read unrelated system files, but they do tell operators to run and background node processes and to modify code to add an ACCESS_TOKEN example. That gives maintainers broad discretion to change message-fetch logic; the skill itself will write logs and a state file inside its own skill directory.
Install Mechanism (ok)
There is no remote install/download step; the package contains source files and package.json. No external archive downloads, URL shorteners, or extraction steps were present. Installation is expected to be manual (clone/copy or clawhub).
Credentials (concern)
Registry metadata lists no required environment variables or primary credential, but SKILL.md and the code rely on several FEISHU_* env vars (poll interval, concurrency, verbose, timeouts). The code also expects the 'openclaw' CLI to be available and a configured 'feishu' channel or, if the user edits listener.js, a Feishu ACCESS_TOKEN; none of these credentials are declared in the metadata. That mismatch means sensitive credentials (Feishu tokens or OpenClaw channel credentials) may be needed but are not declared up-front.
Persistence & Privilege (ok)
'always' is false and the skill runs as a normal runnable background service. It creates detached child Node processes, writes logs and a state file under the skill directory, and does not attempt to modify system-wide configs or other skills. Behavior is persistent only in the skill's own directory.