feishu-emoji
PassAudited by ClawScan on May 1, 2026.
Overview
This skill is coherent with its stated purpose of downloading public emoji images and sending them in Feishu, with only expected cautions around chat posting, external downloads, and manual dependencies.
Install this if you are comfortable with the agent downloading public emoji images from third-party websites, saving them in the OpenClaw media directory, and sending them in Feishu chats. Avoid using it in formal or sensitive conversations, and verify any manual Python dependencies if you use the helper script.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can send a message and image to a Feishu conversation when used for this skill.
The skill uses the platform message tool to send content into Feishu chats. That is the intended feature, but it is still delegated chat-posting authority.
message(action="send", message="你的回复文字", media="/home/admin/.openclaw/media/inbound/emoji_<关键词>.jpg")
Use it only in chats where emoji/meme images are appropriate, and review the message/media before sending in sensitive work contexts.
The skill fetches image files from third-party sites and stores them locally for sending.
The skill instructs the agent/user to run curl to download remote images into a local media directory. This is central to the skill's purpose and is disclosed.
curl -sL -H "Referer: https://fabiaoqing.com/" "图片 URL" -o /home/admin/.openclaw/media/inbound/emoji_<关键词>.jpg
Only use trusted image URLs or the documented emoji source, and periodically clean the media directory.
The helper script may fail unless required packages are available, and users need to trust the manually installed dependencies.
The package documents manual tools and Python packages, while the registry install metadata has no install spec. This is a dependency/provenance notice rather than evidence of malicious behavior.
"requirements": { "tools": ["curl", "message"], "python_packages": ["requests", "beautifulsoup4"], "cli": ["bash"] }Install dependencies from trusted package sources if using the helper script, and prefer pinned/verified versions in managed environments.