ClawHub

OpenClaw Feishu Multi-Agent

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Feishu/OpenClaw setup helper, but users should treat its role files and generated configs as sensitive because they may contain bot secrets.

Install only if you intend to manage a Feishu/OpenClaw multi-agent setup. Review dry-run output before using --write or --fix, keep backups, and do not paste, commit, or share real Feishu appSecret values in role files, generated JSON, chat logs, or repositories.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill instructs users to read and modify sensitive local files such as `~/.openclaw/openclaw.json`, `~/.openclaw/PROTOCOL.md`, and agent identity files, and later describes commands that can write into `~/.openclaw/`, but it declares no permissions. This creates a transparency and consent problem: an agent using the skill may perform file operations beyond what the user reasonably expects, especially because the targeted files control multi-agent routing and account bindings.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script renders an `openclaw.generated.json` file that embeds Feishu `appId` and `appSecret` values from the roles data directly into generated configuration. Storing secrets in generated artifacts without any warning, redaction, or safer secret-loading mechanism increases the chance of accidental disclosure through source control, artifact sharing, backups, or permissive filesystem access.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The template explicitly asks users to populate `appSecret` alongside other identifiers in a markdown table, which encourages handling long-lived credentials in plaintext and likely copying them into docs, chats, or repos. In this skill's context—configuring multi-agent Feishu/OpenClaw workflows—that is especially risky because these artifacts are intended to be reused and shared across teams, increasing the chance of credential leakage.

Session Persistence

Medium
Category
Rogue Agent
Content
--apply-identities
```

加上 `--write --backup` 才会真正写入 `~/.openclaw/`。

### 2. 生成可落地模板
Confidence
88% confidence
Finding
write --backup` 才会真正写入 `~/.openclaw/`。 ### 2. 生成可落地模板 当用户还没配好多 agent,或希望把角色表转换成可落地文档时,运行: ```bash python ".cursor/skills/openclaw-feishu-multi-agent/scripts/render_feishu_multi_agent.py" \ --role

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal