Skill v1.0.0

ClawScan security

Feishu Message Reader · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 10, 2026, 4:10 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill is internally consistent with its stated purpose: it fetches Feishu messages via the Feishu IM API, only needs Feishu credentials (token or app id/secret) and reads the documented OpenClaw config; there are no unexpected third-party endpoints, installers, or unrelated credentials requested.
Guidance
This skill appears to do what it claims: it calls Feishu's API and needs Feishu credentials. Before installing or using it: (1) confirm you trust the skill source since it will read ~/.openclaw/openclaw.json if present (or use env vars or an explicit --token) — if you don't want it reading that file, provide a tenant_access_token via --token or set FEISHU_APP_ID/FEISHU_APP_SECRET in a controlled environment; (2) review the small Python script yourself (it's included) if you have any doubt; (3) be aware it will make network calls only to open.feishu.cn (no other endpoints observed); (4) if you want least privilege, create a Feishu app/credentials scoped only to the required workspace and avoid storing unrelated secrets in the OpenClaw config.

Review Dimensions

Purpose & Capability
ok · Name/description match the code and instructions. The script calls Feishu open-apis endpoints to fetch messages and thread context, which is exactly what the skill says it does.
Instruction Scope
note · SKILL.md and the script instruct the agent to read FEISHU_APP_ID/FEISHU_APP_SECRET env vars or ~/.openclaw/openclaw.json (OpenClaw config) or accept a --token. That file access is documented in the SKILL.md. No instructions or code read other system files or shell history; network calls go only to the Feishu API base URL.
Install Mechanism
ok · There is no install spec (instruction-only plus a small Python script). No external downloads, package installs, or archive extraction are performed.
Credentials
note · The only secrets involved are Feishu credentials (app_id/app_secret or a tenant_access_token), which are necessary for the API. The script looks in ~/.openclaw/openclaw.json under channels.feishu for these values — this is proportional but worth noting because it reads a local config file that may contain credentials.
Persistence & Privilege
ok · The skill does not request permanent/always-on inclusion, does not modify other skills or system-wide settings, and does not persist new credentials. Autonomous invocation is enabled by default (normal) but not combined with other concerning behavior.