OpenClaw Feishu Multi-Agent
PassAudited by ClawScan on May 10, 2026.
Overview
This skill is coherent and not suspicious, but its optional write/fix commands can persistently change OpenClaw/Feishu agent configuration and store Feishu app credentials.
Install/use this only if you intend to manage an OpenClaw multi-agent Feishu setup. Start with dry-run commands, inspect generated files and planned changes, protect Feishu app secrets, and use backups before any --write or --fix operation.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the user runs the write workflow, the local OpenClaw setup may allow the listed agents to communicate and route sessions differently.
The skill clearly discloses that write mode changes OpenClaw configuration and enables agent-to-agent tooling.
加上 `--write --backup` 才会真正写入 `~/.openclaw/` ... 打开 `tools.sessions.visibility=all` ... 打开 `tools.agentToAgent.enabled=true`
Run dry-run first, review the planned changes and roles file, and use --backup when applying changes.
Feishu bot credentials may be stored in local roles/config files and should be treated as secrets.
The apply script can copy Feishu app credentials from the roles file into OpenClaw account configuration.
for key in ("appId", "appSecret") ... account[key] = incomingUse least-privilege Feishu apps, protect roles.json and openclaw.json, and do not commit real appSecret values to shared repositories.
The generated instructions can change how agents behave in later Feishu and OpenClaw sessions.
The skill intentionally writes persistent protocol and identity files that future agents will use as context/instructions.
通常会创建或更新:`~/.openclaw/PROTOCOL.md` ... `{agentDir}/IDENTITY.md`Review generated PROTOCOL.md and IDENTITY.md content before applying it, and keep backups so changes can be reverted.
Configured agents may be able to send tasks to each other and access session context more broadly than before.
The generated configuration enables inter-agent communication and broad session visibility for the configured roles.
"tools": {"sessions": {"visibility": "all"}, "agentToAgent": {"enabled": True, "allow": allow}}Keep the roles allowlist limited to intended agents and verify that session visibility settings match your privacy needs.