单向历
Security checks across malware telemetry and agentic risk
Overview
The skill mostly matches its stated purpose, but its send script builds a shell command from editable configuration values, which creates a command-injection risk.
Review this skill before installing. Its purpose is straightforward, but the current implementation should be hardened before routine or scheduled use because crafted config values could turn the Feishu send command into unintended shell execution.
VirusTotal
66/66 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the local config is edited maliciously or a user pastes a crafted value, running the skill or its cron job could execute unintended commands on the user's machine.
The shell command is assembled by string interpolation from config-derived userId and baseUrl/imageUrl values. userId is only checked with startsWith('ou_') and baseUrl is not shell-escaped, so a malformed or poisoned config value could inject shell syntax when the script runs.
const userId = config.feishu?.userId;
const baseUrl = config.settings?.baseUrl || 'https://img.owspace.com/Public/uploads/Download';
...
const cmd = `openclaw message send --channel=feishu --target=${userId} --media="${imageUrl}"`;
execSync(cmd, { encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'] });
Replace execSync shell strings with execFile/spawn using an argument array, strictly validate Feishu IDs with an allowlist regex, and validate or escape the image URL before passing it to any command.
Installing and using the skill gives it the ability to send Feishu messages through the configured OpenClaw/Feishu integration.
The skill uses OpenClaw's Feishu messaging channel to send media to the configured user ID. This is central to the skill's stated purpose and no credential theft or unrelated account access is shown.
openclaw message send --channel=feishu --target=${userId} --media="${imageUrl}"
Use it only with the intended Feishu target ID and review any scheduled jobs so messages are sent only when expected.
If enabled, the skill will keep running every morning and sending the calendar image automatically.
The skill documents an optional daily cron task. This is disclosed and user-directed, but it creates persistence that continues sending daily messages until removed.
openclaw cron add \
  --name "每日单向历" \
  --at "0 8 * * *" \
  --session isolated \
  --message "node ~/.openclaw/workspace/skills/one-calendar/scripts/send.js"
Only add the cron job if you want recurring messages, and remove the cron entry when you no longer need the automation.
The skill may fail or behave differently if Node or the OpenClaw CLI is unavailable or not on PATH.
The registry metadata does not declare runtime binaries, while the provided docs and scripts rely on Node and the openclaw CLI. This appears to be an under-declared setup requirement rather than malicious behavior.
Required binaries (all must exist): none ... Install specifications No install spec — this is an instruction-only skill.
Declare required binaries and runtime assumptions in metadata or installation instructions so users can verify the environment before running it.
