feishu-send-file
Advisory: audited by static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone who can invoke the script with these credentials can use the Feishu app's authority to upload and send files/messages.
The skill instructs use of a Feishu app secret from local OpenClaw configuration to obtain a tenant token. This is expected for Feishu sending, but it is sensitive credential use and is not reflected in the registry credential fields.
`app_secret`: Feishu app secret (read from `channels.feishu.appSecret` in `openclaw.json`)
Use least-privilege Feishu app credentials, avoid exposing app_secret in chat or logs, and consider declaring the credential requirement in metadata.
Files or images sent with this skill may be stored or processed by Feishu/Lark and become visible to the specified recipient.
The script uploads the selected local file to Feishu before sending a message. This is the intended data flow, but it means file contents are transferred to an external provider.
`"https://open.feishu.cn/open-apis/im/v1/files", ... "-F", f"file=@{file_path}"`
Verify the file path and recipient before use, and do not send secrets or private files unless that is intended.
If untrusted or malformed values are used, the agent could send the wrong file, target the wrong recipient, or expose sensitive command arguments locally.
The AI usage example constructs a command from dynamic values and includes the app secret as a command-line argument. Local command execution is central to this skill, but arguments should be handled carefully.
```python
exec(f"""
python3 /root/.openclaw/workspace/skills/feishu-send-file/scripts/send_file.py \
 {file_path} \
 {user_open_id} \
 {app_id} \
 {app_secret} \
 {custom_filename}
""")
```
Prefer safe argument-array execution, validate file paths and recipients, quote arguments properly, and ask for confirmation before sending sensitive files.
The skill may fail on systems without curl, or an agent/user may need to install it separately.
The included scripts depend on curl, while the registry requirements say no required binaries. This is an under-declared runtime dependency rather than evidence of malicious behavior.
```python
result = subprocess.run([
 "curl", "-s", "-X", "POST",
```
Declare curl as a required binary or replace the curl upload step with standard-library Python code.
