Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Feishu Wiki

v1.0.0

Manage Feishu Wiki knowledge bases by listing spaces, viewing, creating, moving, and renaming wiki pages with appropriate permissions.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
! Purpose & Capability
The SKILL.md describes listing, viewing, creating, moving wiki pages (which require authenticated API access), but the registry metadata and SKILL.md declare no credentials, env vars, endpoints, or mechanism for authenticating to Feishu. That mismatch (capability requires auth but no auth is requested or explained) is incoherent.
Instruction Scope
The instructions themselves are narrowly scoped to Feishu Wiki operations and do not instruct the agent to access other system files or external endpoints beyond the implied Feishu API. However, the SKILL.md references a 'feishu_wiki' tool without documenting how it authenticates or whether it transmits other data, leaving scope unclear.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so it does not write artifacts to disk or download external packages — low install surface.
! Credentials
Managing Feishu wikis normally requires API credentials (e.g., app_id/app_secret, tenant or user access tokens) and permission scopes. The skill requests none and declares no primary credential or required env vars, which is disproportionate and leaves unanswered how authentication or credential storage is handled.
Persistence & Privilege
always is false and there is no indication the skill requests persistent system-level privileges or modifies other skills. Autonomous invocation is allowed (default), which is normal but should be considered alongside the auth ambiguity.
What to consider before installing
Do not install or grant access yet. Ask the skill author to clarify: (1) what the referenced 'feishu_wiki' tool is and where it runs (local vs remote), (2) exact authentication method (OAuth flow, app_id/app_secret, access token) and which environment variables or secrets are required, (3) what API endpoints will be contacted and whether any data is stored outside your environment, (4) what permission scopes are needed and whether tokens are stored or transmitted. Prefer skills that document required env vars and show a clear, minimal auth flow; avoid installing until you can verify the source/homepage and review any code that will run with your Feishu credentials.

Like a lobster shell, security has layers — review code before you run it.
