Back to skill
Skillv1.2.0
VirusTotal security
Feishu Doc Collab · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:18 AM
- Hash
- 9fef13e4ce11ef40219bd22c78e75a9edd0e066a6a7d18c0c233118eb990a5c9
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: feishu-doc-collab Version: 1.2.0 The skill performs invasive patching of the OpenClaw Feishu extension's source code (monitor.js) via a bash script (patch-monitor.sh) to intercept document edit events. The patched code programmatically reads the sensitive 'hooks.token' from the global 'openclaw.json' configuration file to authenticate local API calls to the /hooks/agent endpoint. While these actions are aligned with the stated purpose of enabling real-time document collaboration, the method of overwriting extension files and extracting system-wide secrets represents a significant security risk and bypasses standard plugin boundaries.
- External report
- View on VirusTotal