Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Lead Processor

v1.0.2

Automates B2B lead cleaning and classification by analyzing client websites, grading leads A/B/C, updating Feishu tables, and sending reports to Feishu groups.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description and the code agree about Feishu integration (reading/updating bitable records and sending messages). However SKILL.md states the agent will 'use a browser to visit each website' for deep analysis, but none of the included JS implements HTTP fetching, headless browser automation, or page rendering — analyzeCompany only processes given page text. The package also embeds Feishu app credentials and a bitable app_token/chat_id, which is consistent with Feishu integration but surprising given the skill declares no required env vars.
Instruction Scope
Runtime instructions ask the agent to read Feishu tables, visit websites, fill fields, and post to a Feishu group. The code can read/update bitable and post messages, but it does not perform website fetching/browsing as described. The SKILL.md configuration expects environment variables, but the code falls back to hard-coded defaults in the repo — the runtime behavior will use embedded credentials unless the environment overrides them. The instructions include explicit forbidden phrases (UI-level constraints) which are odd but not security-critical.
Install Mechanism
There is no install spec (instruction-only style plus shipped code). Nothing is downloaded from external URLs or installed during setup. Risk from install mechanism is low.
Credentials
The skill needs Feishu credentials and a bitable app token/chat id to operate — that is proportionate to the stated Feishu integration. However the package contains hard-coded sensitive values (FEISHU_APP_ID, FEISHU_APP_SECRET, bitable app_token, table_id, chat id) in config.json and as default values in index.js. The skill metadata declares no required env vars, which is inconsistent: it should require and document FEISHU_APP_ID/SECRET and bitable tokens rather than shipping embedded secrets. Shipping embedded credentials is a security and operational concern.
Persistence & Privilege
The skill does not request always:true and does not request system-level persistence. It also does not modify other skills or system-wide settings. Autonomous invocation is allowed (default) which is normal for skills; no extra privilege flags are set.
Scan Findings in Context
[hardcoded-feishu-app-secret] unexpected: The repository contains FEISHU_APP_ID and FEISHU_APP_SECRET values hard-coded in config.json and as defaults in index.js. While credentials are needed to talk to Feishu, embedding them in distributed code is insecure and unexpected; the skill metadata declared no required env vars.
[hardcoded-bitable-app-token-and-table-id] unexpected: A bitable app_token (FBzzbi1b2anl8YsTZtxc1VOcnzb) and table_id (tbl77aWIKk4oXLvj) are present in config files. These are required to access the specific bitable instance but should normally be supplied by the deployer, not shipped in the package.
[embedded-chat-id] expected: A Feishu chat_id (oc_2c705fa31fb8c9a66dd3e22ab8a2243c) is embedded. A chat_id is necessary for sending messages, but embedding a specific chat ID in distributed code means the skill will post to that chat by default — this may be intended but should be documented and configurable.
What to consider before installing
This skill is not obviously malicious, but exercise caution before installing:
- Do not assume embedded credentials belong to you. The package contains hard-coded FEISHU app_id/secret, bitable app_token/table_id, and a chat_id; these could point to someone else's Feishu app and data. Replace them with your own credentials and remove the embedded secrets before deployment.
- The SKILL.md says the agent will 'use a browser' to visit company websites, but the shipped code does not fetch or render pages. Verify how website content will be provided to analyzeCompany (the current code expects raw page text). If you need automated crawling, add an explicit, audited crawler and document its permissions.
- Confirm the Feishu app permissions and the bitable table schema before giving any credentials; test the skill in an isolated environment or staging account.
- Prefer a version of the skill that declares required env vars (FEISHU_APP_ID, FEISHU_APP_SECRET, BITABLE_APP_TOKEN, TABLE_ID, CHAT_ID) instead of embedding secrets. Ask the publisher to clarify why credentials are embedded and to remove them.
- If you don't trust the embedded credentials owner, do not allow the skill to run with those defaults — the skill will operate using them unless you override the env vars.

Like a lobster shell, security has layers — review code before you run it.
