Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Feishu Relay
v3.2.0
Unified Feishu notification system with automatic discovery, message queue, and reliable delivery. Use when user needs to send notifications via Feishu (Lark...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Verdict: Suspicious (medium confidence)
Purpose & Capability
The skill's code, SKILL.md, README and skill.json all expect Feishu credentials (FEISHU_APP_ID, FEISHU_APP_SECRET, FEISHU_RECEIVE_ID) and network access to open.feishu.cn, which matches the described purpose. However, the registry summary metadata at the top of the evaluation claims “Required env vars: none” and lists no primary credential; this contradicts the bundled files (skill.json and SKILL.md), which do declare required env vars. In addition, skill.json and README mention opt-in production scripts that are either absent from the manifest or only partially present (only install-discovery.sh exists).
Instruction Scope
SKILL.md instructs the agent/user to run ./run.sh and supply FEISHU_* env vars; the runtime Python reads environment variables and skill-local config files (./config.json, ~/.openclaw/skills/feishu-relay/config.json, /etc/openclaw/skills/feishu-relay/config.json), which is consistent with the instructions. The scripts/install-discovery.sh script can scan the ~/.openclaw workspace and create symlinks to other skills' notify scripts. SKILL.md and README state that discovery is opt-in, so there is no automatic scanning by default, but the presence of this script means the skill can modify filesystem state if the user runs the opt-in installer.
Install Mechanism
There is no install spec or remote download; this is an instruction-only skill with local scripts. No network installs, URL downloads, or archive extraction are present in the supplied files. README references additional production install scripts (systemd, watchdog, global notify) that are not present in the manifest; this is an inconsistency worth noting but not an active install risk.
Credentials
The required credentials are appropriate for a Feishu notifier (app id/secret and target id). However, the registry metadata incorrectly lists no required env vars while the code and skill.json require a sensitive secret (FEISHU_APP_SECRET). The Python code reads several environment variables (FEISHU_APP_ID, FEISHU_APP_SECRET, FEISHU_RECEIVE_ID, FEISHU_TIMEOUT, FEISHU_MAX_RETRIES, FEISHU_RETRY_DELAY, FEISHU_SKILL_DIR and fallbacks) and also attempts to load config files from user and system locations (/etc and ~/.openclaw). Reading /etc and user config locations is understandable for skill configuration, but it widens the set of places where secrets may reside; users should ensure only intended config files are present and that they are protected (chmod 600).
Persistence & Privilege
The skill does not request 'always: true' and is user-invocable only. By default it performs no system modifications. Opt-in scripts (mentioned in README/skill.json) can install systemd units or global commands and would require elevated privileges if used; only scripts/install-discovery.sh is present, and it will create a local .discovered directory and symlinks if the user runs it. This opt-in modification capability increases risk if users run those installers without reviewing them.
What to consider before installing
This package appears to be a legitimate Feishu/Lark notifier, but there are a few mismatches to consider before installing: (1) the registry metadata claims no required env vars while the code and skill.json require FEISHU_APP_ID / FEISHU_APP_SECRET / FEISHU_RECEIVE_ID; treat these secrets like API credentials and only provide them in a trusted environment; (2) a discovery script is included that will scan your ~/.openclaw workspace and create symlinks if you run it; it does not run automatically, but it will modify your filesystem when invoked; (3) README mentions optional production installers (systemd/global notify) that could require sudo; those are opt-in and not present in the manifest here, but be cautious if you obtain or run them. Recommended actions: verify the skill source (skill.json points to a GitHub URL, but the registry homepage is missing), inspect the optional scripts before running them, run the skill first in an isolated environment (container or VM), and store Feishu secrets only in a protected config file (chmod 600) or a CI/secret manager rather than a world-readable file.
