Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Feishu Upload Skill
v1.0.0 · Uploads files to Feishu cloud drive and sends them to a specified chat. Supports automatic token management, a 30 MB size limit and multiple file formats. Requires a Node.js 18+ environment.
⭐ 0 · 789 · 5 current · 5 all-time
by IvyWooo @deewooo
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Verdict: Suspicious (high confidence)
Purpose & Capability
The code, README and SKILL.md all implement Feishu upload/send functionality, which matches the skill's name. However, the skill embeds an App ID and App Secret in get_feishu_token.sh and expects OpenClaw config at /home/node/.openclaw/openclaw.json and token files under /home/node/.openclaw/workspace/. The registry metadata declares no required env vars or config paths; that is inconsistent and unexpected for a networked OAuth-based integration.
Instruction Scope
Runtime instructions and scripts read and write files in /home/node/.openclaw/workspace (feishu_token.txt, upload_result.json) and may run get_feishu_token.sh during install. The scripts obtain a tenant_access_token from Feishu and save it locally. The instructions do not request explicit user-provided credentials via env vars, but the code uses a hard-coded APP_ID/APP_SECRET; this expands the skill's effective access beyond what the metadata declares.
Install Mechanism
There is no network install spec (the lowest-risk category). The package is instruction+script based and includes an install.sh that copies files into the skills directory and may call get_feishu_token.sh. No remote downloads or obfuscated fetches were found. install.sh assumes Node.js ≥18 and the presence of OpenClaw config; it attempts to run token acquisition if no token exists.
Credentials
Registry metadata lists no required credentials or config paths, yet the code: (1) reads/writes /home/node/.openclaw/openclaw.json and /home/node/.openclaw/workspace/feishu_token.txt; (2) hard-codes APP_ID and APP_SECRET in get_feishu_token.sh; and (3) prints partial token values. An embedded APP_SECRET (a sensitive credential) without declaration or explanation is disproportionate to the declared scope and requires review and rotation before use.
Persistence & Privilege
always:false and user-invocable:true (normal). The skill writes token and result files into its workspace (feishu_token.txt, upload_result.json), which is expected for this functionality. It neither requests always:true nor modifies other skills' configuration.
What to check before installing:
- Credentials: get_feishu_token.sh contains a hard-coded APP_ID and APP_SECRET. Treat these as sensitive and do not assume they are safe to use. Either replace them with your own app credentials, or remove the script and supply your own tenant_access_token. If these credentials were used in a shared/demo package, rotate them in Feishu immediately.
- Metadata mismatch: the registry metadata claims no required config/env, but the code reads /home/node/.openclaw/openclaw.json and stores/reads /home/node/.openclaw/workspace/feishu_token.txt. Expect the skill to create and read token files in the OpenClaw workspace.
- Inspect and run in a sandbox: run install and first runs in an isolated environment (or container) so you can see token creation and network calls. The endpoints contacted are legitimate Feishu endpoints (open.feishu.cn), but you should still control which App ID/Secret are used.
- Dependencies & runtime: the scripts target Node.js ≥18. Some scripts (simple_feishu_upload.js) require the npm package 'form-data' even though package.json declares no dependencies; install the missing package or prefer native_feishu_upload.js, which uses only Node 18+ built-ins. get_feishu_token.sh uses python3 for JSON parsing, so ensure python3 is present.
- Audit outputs: the skill saves tokens and upload_result.json in the workspace. Ensure those files are stored with appropriate permissions and rotated/removed if they contain sensitive tokens.
- Recommended actions: (1) remove or replace the embedded APP_SECRET with your own, or change get_feishu_token.sh to read credentials from a secure location (env vars or a secrets manager); (2) declare the required config paths/env in your OpenClaw deployment; (3) run the tool manually first to verify its behavior; (4) if you do not trust the source, do not run get_feishu_token.sh; instead obtain a token via your own secure process.
Overall: the code implements the advertised feature and uses legitimate Feishu APIs, but the embedded credentials and the metadata/config mismatches are red flags. Treat this skill as suspicious until credential and config handling are fixed or explicitly approved.
Like a lobster shell, security has layers: review code before you run it.
latest: vk97cq4ey9wbzbjc4170vza9n1581d83c
