Feishu message file download
Security checks across malware telemetry and agentic risk
Overview
This Feishu downloader is mostly purpose-aligned, but its file-saving logic may allow a downloaded or supplied filename to write outside the chosen output folder.
Install only if you trust the Feishu app credentials you configure and the messages you download from. Before use, the maintainer should fix filename sanitization so downloaded files cannot write outside the selected output folder or overwrite unrelated local files.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A crafted or unexpected filename could overwrite files outside the intended download folder, especially if the agent downloads a file from a message without the user reviewing the final save path.
The code can take a filename from the Feishu response header, then join it to the output directory and write to it without sanitizing path separators, absolute paths, or traversal components, and without checking that the resolved final path remains under the chosen output directory.
filename = content_disposition.split("filename=")[-1].strip('"') ... file_path = output_path / filename ... with open(file_path, 'wb') as f:
Sanitize filenames with a basename-only policy, reject absolute paths and '..' components, resolve the final path, ensure it stays under the output directory, and ask before overwriting existing files.
The skill can access Feishu message resources available to the configured app, so users should treat the configured app secret and permissions as sensitive.
The skill reads Feishu application credentials from environment variables or local OpenClaw configuration and sends them to Feishu to obtain a tenant access token.
app_secret = os.environ.get("FEISHU_APP_SECRET") ... Path.home() / ".openclaw" / "openclaw.json" ... requests.post(url, headers=headers, json=data)
Use a Feishu app with the minimum required permissions, avoid sharing the app secret, and revoke or rotate credentials if the skill is no longer needed.
Future installs may receive different dependency versions, which slightly increases supply-chain variability.
The Python dependency is specified as a version range rather than pinned to an exact version or hash.
requests>=2.28.0
Pin dependency versions, and preferably use hashes or a lockfile for reproducible installation.
