Skill v1.0.2
VirusTotal security
feishu-process-feedback · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 5:39 AM
- Hash: c8aa1416e4fc1cf665daf7131139d9241bff9f79aea34943ab218c004ad4e8ea
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: feishu-process-feedback. Version: 1.0.2. The skill bundle implements a Feishu (Lark) task listener that uses `child_process.exec` to send status updates via the `openclaw` CLI. This creates a significant Command Injection vulnerability in `scripts/listener.js` and `scripts/process_task.js`, as user-controlled message content is interpolated into shell commands. While the code appears designed for legitimate automation and lacks evidence of intentional malice (e.g., exfiltration or backdoors), the combination of high-risk shell execution and instructions for the agent to maintain persistent background processes is inherently risky.
