Skill v1.0.2

ClawScan security

Feishu Docx · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 4, 2026, 3:23 AM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill's files and docs contain hard-coded Feishu credentials, account-specific folder tokens and absolute local file paths that don't match the registry metadata; this mismatch and embedded secrets are disproportionate and warrant caution.
Guidance
Do not blindly run these scripts. Key issues: (1) multiple files contain hard-coded Feishu App ID, App Secret and folder_token — treat these as leaked credentials; avoid using them. (2) Several scripts read absolute local paths and will upload local files if executed — inspect and edit paths before running. (3) The registry metadata claims no required env vars but SKILL.md requires FEISHU_APP_ID/FEISHU_APP_SECRET — this mismatch is suspicious. Recommended actions before installing or running: review and remove any hard-coded secrets, replace with your own credentials stored in environment variables, verify the folder_token and tenant are ones you control (rotate secrets if you used the exposed values), search your environment for any accidental use of the included absolute paths, and run the code in a sandboxed environment. If you cannot verify the provenance of the embedded credentials and folder targets, avoid using the skill.

Review Dimensions

Purpose & Capability
concern: The skill claims to be a Feishu Docx create/edit helper and therefore would reasonably need an App ID and App Secret — however the registry metadata lists no required env vars or primary credential. The code embeds an App ID, App Secret and a folder_token directly in multiple scripts (and prints tenant doc URLs), which is inconsistent with the registry declaring no credentials and exposes account-scoped secrets/targets.
Instruction Scope
concern: SKILL.md and code show expected Feishu API calls, but multiple included scripts reference absolute local filesystem paths (e.g. /Users/cpjhy0535/.openclaw/...) and will read and upload local files. SKILL.md also prints explicit secret values. The instructions/code therefore have scope beyond just calling an API: they assume access to specific local files and target a specific folder/account.
Install Mechanism
note: No install spec (instruction-only) reduces installation risk, but the package includes executable Python scripts. There is no declared install step or sandboxing: running these scripts will execute network calls and filesystem reads. That means the risk is operational (what you run) rather than coming from a remote installer.
Credentials
concern: Although registry metadata lists no required env vars, SKILL.md tells users to set FEISHU_APP_ID and FEISHU_APP_SECRET — and the same credentials are hard-coded in multiple scripts along with a folder_token. Hard-coded credentials and account-scoped folder tokens are disproportionate and unsafe. The skill requires credential-level access to a Feishu tenant but does not declare or justify that access in metadata.
Persistence & Privilege
ok: The skill does not set always: true, is user-invocable, and allows autonomous invocation by default (normal). It does not request to modify other skills or system-wide settings in the provided files.