Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
飞书群聊安全隔离
v2.1.2飞书群聊安全隔离 Skill,提供主人身份三重保障、技能安装确认、权限分级、防注入攻击、敏感路径保护等完整安全机制,保护机器人在群聊环境中的安全。
⭐ 0· 81·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (Feishu group chat security/isolation) match the observed behavior: owner-identification, install-approval flow, path protection and injection blocking. Reading ~/.openclaw/openclaw.json and FEISHU_OWNER_ID is coherent for owner identification. No unexpected cloud or unrelated service access is requested. Minor mismatch: the registry metadata declares no required env vars or binaries, but the scripts/docs reference FEISHU_OWNER_ID and require 'jq'.
Instruction Scope
SKILL.md stays within the security/authorization scope: it specifies owner-identification sources, install-approval flows, path and injection blocking rules, and what to log. The instructions explicitly limit access to sensitive paths and do not instruct arbitrary file exfiltration. The SKILL.md mentions calling the Feishu API for owner identification (requires credentials) but that API step is described as optional/skipped by the installer; the instructions otherwise do not ask the agent to read system files beyond ~/.openclaw/openclaw.json and the local skill config.
Install Mechanism
No network downloads or external installers are used (instruction-only plus included install.sh/verify.sh), which is lower risk. The included install.sh/verify.sh create local logs and config and set file permissions. However, install.sh checks for 'jq' and will exit if missing; the registry did not declare 'jq' as a required binary. There are no obscure external URLs or archive extraction steps.
Credentials
The registry declared no required environment variables or primary credential, but SKILL.md and scripts reference FEISHU_OWNER_ID and describe possible use of Feishu App credentials for the Feishu API. The absence of declared env requirements is an inconsistency that reduces transparency. The env items referenced are reasonable for the stated purpose, but they are not documented in the registry metadata and the skill may require Feishu credentials to fully function.
Persistence & Privilege
The skill does not request 'always: true' and is user-invocable only. It writes its own config.json and logs into its skill directory and sets restrictive permissions; it does not modify other skills or system-wide agent settings. No elevated persistence or privileged escalation was observed.
What to consider before installing
What to consider before installing:
- Inconsistent declarations: the registry lists no required env vars or binaries, but install.sh and SKILL.md reference FEISHU_OWNER_ID and require the 'jq' command. Expect to have jq installed or the installer will fail. The skill may also optionally use Feishu App ID/Secret to call the Feishu API — those credentials are not declared in the registry metadata.
- Data access: the installer and verifier read and update config.json in the skill directory and will read ~/.openclaw/openclaw.json to auto-identify an owner. If you are comfortable allowing a skill to read your OpenClaw config and to create/modify files under its own directory (~/.openclaw/workspace/skills/feishu-security), this is consistent with its stated purpose.
- No obvious exfiltration: there are no network download URLs or obfuscated remote endpoints in the shipped scripts; the Feishu API step is marked optional/skipped by install.sh. Still, if you provide Feishu credentials later, review how they are stored and used.
- Recommended steps before installing:
1) Inspect the two scripts (install.sh and verify.sh) yourself (or run them in a sandbox/container) to confirm behavior. They are short and readable.
2) Install 'jq' beforehand and verify you understand where config.json and logs will be written. Confirm log retention settings.
3) If you will provide Feishu App credentials, decide where to store them and review whether the skill stores them encrypted or in plaintext (current scripts don't implement API calls or credential storage, but the SKILL.md mentions API usage as a possible step).
4) Because the registry metadata omits the declared requirements, ask the publisher (or maintainers) to update the package metadata to list FEISHU_OWNER_ID and jq (and any other env vars) so installation expectations are clear.
- Bottom line: the skill appears to implement the claimed security features and contains no overtly malicious code, but the metadata omissions and minor inconsistencies in declared requirements mean you should verify/judge in a controlled environment before deploying to production.Like a lobster shell, security has layers — review code before you run it.
latestvk97ccq2fh9mdft52ysetgmwk2n83pb99
License
MIT-0
Free to use, modify, and redistribute. No attribution required.