ClawHub

Feishu Multi Agent Factory

v1.0.5

批量配置 OpenClaw 多 agent + 飞书 channel。当用户说「添加 agent」「新建 agent」「配置飞书」「批量创建 agent」「添加新机器人」时触发。通过对话引导收集信息,一键写入 openclaw.json 并初始化工作区。

1· 98·0 current·0 all-time
by@cchenwei
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match what the files do: the script creates workspace/agent dirs, updates ~/.openclaw/openclaw.json with agent entries and Feishu accounts, and adds bindings and allow lists. No unrelated credentials, binaries, or external services are requested.
Instruction Scope
SKILL.md and the script keep scope to local configuration and workspace initialization. The instructions require running the included Python script with JSON input; the script writes to ~/.openclaw/openclaw.json, creates files/dirs, and prints masked secrets. It does not appear to collect or transmit data externally. Note: SKILL.md states auth-profiles.json will be 'copied from main', but the script contains a placeholder (get_main_auth_profiles returns None) and instead asks the user to run `openclaw configure` — a minor mismatch.
Install Mechanism
No install spec; the skill is instruction + a Python script bundled with the skill. Nothing is downloaded at install time and no external packages are pulled automatically.
Credentials
No environment variables or external credentials are requested by the skill itself. It prompts the user to provide Feishu AppId/AppSecret (appropriate). However, those secrets are written into ~/.openclaw/openclaw.json in plaintext (the script masks them in printed notes/logs but stores the full appSecret in the config). That is expected for a local config tool but is a secrecy risk if the file is not protected.
Persistence & Privilege
always is false and the skill does not request system-wide privileges beyond writing into the user's ~/.openclaw directory and (optionally) restarting the OpenClaw gateway. Modifying the user's OpenClaw config is consistent with the tool's purpose. The file tail was truncated, so the exact restart implementation couldn't be fully verified.
Assessment
This skill appears to do what it says: it helps create agent directories and adds Feishu account entries to your local ~/.openclaw/openclaw.json. Before running it, consider: 1) Secrets are stored in openclaw.json in plaintext — ensure that file's filesystem permissions are tight (chmod 600) or use an encrypted secret store if you need stronger protection. 2) The script may restart the OpenClaw gateway when run with --restart; confirm what command it executes (the file's tail was truncated) to ensure no unexpected shell execution. 3) There's a small mismatch: SKILL.md mentions copying auth-profiles but the script currently defers that to `openclaw configure`; expect to run that manually. 4) Review the full script contents on your machine before invoking it with real credentials. If you need higher assurance, ask the author for the complete script or run it in a controlled environment first.

Like a lobster shell, security has layers — review code before you run it.

latestvk97agcvbmmga7dpma0zs6sx2fx83pnas

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments