OpenClaw Feishu Multi-Agent

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the user runs the write workflow, the local OpenClaw setup may allow the listed agents to communicate and route sessions differently.

Why it was flagged

The skill clearly discloses that write mode changes OpenClaw configuration and enables agent-to-agent tooling.

Skill content
Only with `--write --backup` added will it actually write to `~/.openclaw/` ... enable `tools.sessions.visibility=all` ... enable `tools.agentToAgent.enabled=true`
Recommendation

Run dry-run first, review the planned changes and roles file, and use --backup when applying changes.

What this means

Feishu bot credentials may be stored in local roles/config files and should be treated as secrets.

Why it was flagged

The apply script can copy Feishu app credentials from the roles file into OpenClaw account configuration.

Skill content
for key in ("appId", "appSecret") ... account[key] = incoming
Recommendation

Use least-privilege Feishu apps, protect roles.json and openclaw.json, and do not commit real appSecret values to shared repositories.

What this means

The generated instructions can change how agents behave in later Feishu and OpenClaw sessions.

Why it was flagged

The skill intentionally writes persistent protocol and identity files that future agents will use as context/instructions.

Skill content
Usually creates or updates: `~/.openclaw/PROTOCOL.md` ... `{agentDir}/IDENTITY.md`
Recommendation

Review generated PROTOCOL.md and IDENTITY.md content before applying it, and keep backups so changes can be reverted.

What this means

Configured agents may be able to send tasks to each other and access session context more broadly than before.

Why it was flagged

The generated configuration enables inter-agent communication and broad session visibility for the configured roles.

Skill content
"tools": {"sessions": {"visibility": "all"}, "agentToAgent": {"enabled": True, "allow": allow}}
Recommendation

Keep the roles allowlist limited to intended agents and verify that session visibility settings match your privacy needs.