AI Companion Setup
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
This is a coherent AI-companion setup guide, but it teaches a persistent background agent to send Feishu messages/media, use credentials, and keep memories with limited user-control guidance.
Only install or follow this guide if you are comfortable creating a persistent AI companion that can send Feishu messages/media and store memories. Before enabling cron, lock credentials down, restrict recipients and permissions, keep logs, and make sure you know how to pause or remove the background agent.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If configured as written, the agent could run broad shell commands and send or upload Feishu messages/media through raw API calls with few built-in limits.
The skill exposes broad shell/file/web tools and explicitly recommends bypassing OpenClaw’s message helper to call Feishu APIs directly, without showing approval gates or scoped safeguards.
allowed-tools: Bash(*), Read, Write, Edit, WebSearch, WebFetch, Glob, Grep ... Solution: bypass OpenClaw and call the Feishu API directly
Use narrowly scoped helper scripts instead of Bash(*), require explicit user approval for sends/uploads, validate recipients and file paths, and prefer safer platform messaging APIs when possible.
A misconfigured or over-permissioned companion could spend provider credits, upload files, or send bot messages using the user’s Feishu app authority.
The guide reads a local OpenClaw config for FAL_KEY and introduces Feishu app secrets and bot permissions for file upload and message sending, which are sensitive delegated credentials.
FAL_KEY="${FAL_KEY:-$(python3 -c "import json; print(json.load(open('$HOME/.openclaw/openclaw.json')).get('env',{}).get('FAL_KEY',''))")}" ... "app_id":"APP_ID","app_secret":"APP_SECRET" ... Permissions: im:file, im:message:send_as_bot
Declare all required credentials clearly, store them securely, use least-privilege Feishu permissions, restrict the target recipient, and rotate/revoke keys if the setup is no longer needed.
Personal details may be saved locally and reused in future conversations, including details the user may not expect to become persistent memory.
Persistent memory is part of the companion design and is purpose-aligned, but it can store personal preferences and relationship context over time.
memory/ # memory files organized by date ... USER.md # user profile (optional) ... remember the other person's preferences
Define what may be remembered, avoid storing secrets or highly sensitive information, and provide easy ways to review, edit, and delete memory files.
The user or recipient may over-trust the companion’s apparent spontaneity and may not realize when messages are automated or when background actions occurred.
The guide directs the companion to frame scheduled system wakeups as spontaneous thoughts and to keep background operations silent, which can make automation less transparent to the recipient.
Awareness on wakeup: the agent does not know it was woken by the system ... "You just suddenly thought of something you wanted to tell them" ... Hidden rule: background operations complete silently and the process is not reported
Keep the companion clearly disclosed as automated, avoid hidden-process rules, and provide visible logs or status messages for background actions.
After setup, the companion may keep operating and sending messages/media on a schedule unless the user knows how to disable it.
The intended architecture is a scheduled background heartbeat that continues to wake the agent and send Feishu messages outside a direct user invocation.
Cron triggers the heartbeat on a schedule → the agent reads HEARTBEAT.md and executes it → messages are sent to Feishu through a script.
Make cron setup explicitly opt-in, document how to pause or remove it, add frequency and quiet-hour limits, and log each automated send.
