Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
The code and instructions implement a Feishu file downloader and require FEISHU_APP_ID / FEISHU_APP_SECRET or an OpenClaw config; however, the registry metadata lists no required environment variables or primary credential. That mismatch (the skill will not work without credentials) is an inconsistency that should have been declared.
Instruction Scope
SKILL.md and download.py instruct the agent to obtain a tenant_access_token from Feishu and download resources via open.feishu.cn, and to read environment variables or ~/.openclaw/openclaw.json. That scope matches the stated purpose. However, the SKILL.md contained detected unicode-control-chars (a prompt-injection pattern) — this is suspicious for an instruction file intended to be interpreted by an LLM/evaluator and should be reviewed and cleaned.
Install Mechanism
No install spec (instruction-only plus a Python script). Only requires python3 and the requests dependency; no remote arbitrary downloads or unusual installers were specified.
Credentials
The skill legitimately needs Feishu app credentials (app id/secret) to obtain a tenant_access_token, but those credentials are not declared in the registry metadata. The code also reads ~/.openclaw/openclaw.json if present (which may contain other channel configs) — while it only looks for feishu keys, loading that file is wider access than declared and should be documented.
Persistence & Privilege
The skill does not request always:true or system-wide changes and does not install persistent services. It reads user config files in the home directory and writes downloaded files to the specified output directory (expected behavior).
Scan Findings in Context
[unicode-control-chars] unexpected: Control/unicode injection characters found in SKILL.md are not required for a downloader skill and may be an attempt to manipulate LLM/evaluation. Review and remove such characters before trusting the SKILL.md for automated interpretation.
What to consider before installing
This skill implements a normal Feishu file downloader, but exercise caution before installing:
(1) The code requires FEISHU_APP_ID and FEISHU_APP_SECRET (or an OpenClaw config), but the registry metadata did not declare these — do not supply credentials unless you trust the author.
(2) The skill reads ~/.openclaw/openclaw.json if present; that file can contain other channel configs — inspect it before running.
(3) The SKILL.md contained unicode control characters (a prompt-injection signal); open the file in a plain text viewer and remove or verify any unexpected characters.
(4) Inspect download.py fully (it appears to use only open.feishu.cn endpoints and local file writes) and run the script in a sandbox or isolated account with minimal permissions the first time.
(5) If you plan to provide real credentials, create an app with the minimal required permissions (im:resource) and rotate or revoke keys after testing.
Version: latest (vk973gven1k7e8an4wywewnwkrd847er2)
Runtime requirements
Clawdis
Bins: python3
