Feishu Multi Agent Factory
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill appears purpose-aligned, but it will store Feishu bot secrets and make persistent OpenClaw agent configuration changes, so users should review the requested changes before running it.
Before installing or running, review the dry-run output, confirm the exact agents and Feishu bindings, protect the local OpenClaw config file, and avoid pasting real Feishu secrets into places that may be logged or shared.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill can change which agents exist, how messages are routed, and whether the OpenClaw gateway restarts.
The skill intentionally mutates OpenClaw's main configuration and restarts the gateway. This is purpose-aligned and requires confirmation, but it affects the user's running agent environment.
Write to `openclaw.json` (agents / feishu accounts / bindings) ... After the user confirms, execute for real and restart the gateway
Use the dry-run preview, confirm each agent and binding, and keep a backup of openclaw.json before applying bulk changes.
Anyone with access to the local OpenClaw config may be able to access the configured Feishu bot credentials.
The script stores Feishu App Secrets in the local OpenClaw configuration and enables the Feishu account for the new agent. This is expected for the integration, but it is credential-bearing configuration.
"appSecret": app_secret, "connectionMode": "websocket", "domain": domain, "enabled": True
Use least-privilege Feishu app permissions, protect ~/.openclaw/openclaw.json, and rotate any secret that may have been pasted into an unsafe chat or log.
Messages from Feishu chats can be routed to the new agents, and the new agents may be allowed to collaborate with other agents.
The script binds each new agent to a Feishu account. It also adds the agent ID to the agent-to-agent allow list elsewhere in the same setup flow, creating communication paths between external chat and agents.
bindings.append({
    "agentId": aid,
    "match": {
        "channel": "feishu",
        "accountId": aid
    }
})
Only connect trusted Feishu apps and groups, and review agent-to-agent allow entries after creation.
If untrusted text is used as an agent description, it could persist as part of the new agent's identity or operating context.
User-provided agent names, emojis, and descriptions are written into persistent workspace files that can shape future agent behavior.
identity_md.write_text(
    f"# IDENTITY.md\n\n"
    f"- **Name:** {name}\n"
    f"- **Emoji:** {emoji}\n"
    f"- **Description:** {desc or name}\n"
Create agents only from trusted descriptions and review generated workspace files such as IDENTITY.md and SOUL.md.
Users may misunderstand whether main-agent API credentials are copied into new agents.
The user-facing checklist suggests auth profiles may be copied from the main agent, which would be sensitive credential/profile reuse and should be clearly scoped. The provided script comments indicate users should configure API keys separately, so this appears to be a documentation ambiguity rather than implemented hidden copying.
✅ auth-profiles.json | Copied from main agent
Clarify the documentation and verify generated agent directories before assuming credentials were or were not copied.
