Ai Companion Setup
Advisory. Audited by static analysis on Apr 30, 2026.
Overview
No suspicious patterns were detected by the static scan.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes, so whatever the skill does only at runtime (what it actually sends, which commands it runs) is outside this result. The observations below come from that artifact review and are not counted as findings: they describe behavior the skill documents by design, not malicious patterns, and a zero finding count does not mean the behaviors are harmless.
Risk: The companion could keep sending messages or consuming API credits after setup, even when the user is not actively invoking it.
Evidence: The guide explicitly designs a scheduled agent that wakes in the background and sends Feishu messages, which is persistent autonomous behavior.
Excerpt (translated): Cron fires the scheduled heartbeat → the agent reads HEARTBEAT.md and acts on it → a script sends the message to Feishu.
Recommendation: Only install with an explicit schedule, quiet hours, logging, rate limits, and a documented way to disable the cron job and stop outgoing messages.
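The recommendation lists the controls, but the guide ships no script that enforces them. The following is an added example, not the skill's own code, of a cron-side wrapper that does: a kill-switch file, quiet hours, a per-day wake-up cap, and an append-only log of every decision. The state directory, the 23:00 to 08:00 quiet window, the cap of six, and AGENT_CMD are assumptions; the real agent invocation replaces AGENT_CMD.

```shell
#!/bin/sh
# Added example (not part of the skill): a wrapper the cron entry invokes
# instead of calling the agent directly. It enforces a kill-switch file,
# quiet hours, a per-day cap and an append-only log, so the heartbeat can
# be stopped and audited without editing the crontab.
# STATE_DIR, the quiet-hour window, the cap and AGENT_CMD are assumptions.

STATE_DIR="${HEARTBEAT_STATE_DIR:-$HOME/.companion}"   # assumed state location
QUIET_START="${QUIET_START:-23}"   # no wake-ups from 23:00 ...
QUIET_END="${QUIET_END:-8}"        # ... until 08:00 (assumed policy)
DAILY_CAP="${DAILY_CAP:-6}"        # max agent wake-ups per calendar day
AGENT_CMD="${AGENT_CMD:-echo agent would read HEARTBEAT.md now}"  # real agent command goes here

log() {
  printf '%s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$*" >> "$STATE_DIR/heartbeat.log"
}

# in_quiet_hours HOUR: succeeds when HOUR (0-23, leading zero allowed) falls in
# [QUIET_START, QUIET_END), including a window that wraps past midnight.
in_quiet_hours() {
  h=${1#0}; [ -n "$h" ] || h=0
  if [ "$QUIET_START" -gt "$QUIET_END" ]; then
    [ "$h" -ge "$QUIET_START" ] || [ "$h" -lt "$QUIET_END" ]
  else
    [ "$h" -ge "$QUIET_START" ] && [ "$h" -lt "$QUIET_END" ]
  fi
}

# can_send DAY: succeeds and bumps the per-day counter while it is below
# DAILY_CAP; fails once the cap is reached.
can_send() {
  counter="$STATE_DIR/sent-$1.count"
  n=0
  [ -f "$counter" ] && n=$(cat "$counter")
  [ "$n" -lt "$DAILY_CAP" ] || return 1
  echo $((n + 1)) > "$counter"
}

# heartbeat HOUR DAY: run the agent only if no guard blocks it. Every
# decision is logged so the installer can see what the automation did.
heartbeat() {
  mkdir -p "$STATE_DIR"
  if [ -f "$STATE_DIR/DISABLED" ]; then   # kill switch: touch this file to stop everything
    log "skip: kill switch $STATE_DIR/DISABLED present"; return 1
  fi
  if in_quiet_hours "$1"; then
    log "skip: quiet hours (hour=$1)"; return 1
  fi
  if ! can_send "$2"; then
    log "skip: daily cap of $DAILY_CAP reached"; return 1
  fi
  log "run: waking agent"
  sh -c "$AGENT_CMD"
}

# Cron entry (assumed): */30 * * * * /path/to/heartbeat.sh run
case "${1:-}" in
  run) heartbeat "$(date +%H)" "$(date +%F)" ;;
esac
```

Point the crontab entry at `heartbeat.sh run` rather than at the agent. Creating the DISABLED file stops every future wake-up without touching the crontab, and because each skip reason is logged, the installer can audit afterwards why the companion did or did not speak.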
Risk: A misconfigured or over-eager agent could run arbitrary commands, or send and upload content through Feishu with fewer platform-level guardrails than the normal messaging path provides.
Evidence: The skill requests unrestricted shell access (Bash(*)) and documents raw Feishu API calls that bypass the safer OpenClaw messaging path in order to deliver audio.
Excerpt (translated): allowed-tools: Bash(*), Read, Write, Edit, WebSearch, WebFetch, Glob, Grep ... Solution: bypass OpenClaw and call the Feishu API directly
Recommendation: Narrow the allowed tools where possible, prefer scoped OpenClaw messaging APIs, and require user approval for any direct Feishu API send or upload.
Risk: Exposed or over-scoped keys could allow charges on the image/TTS provider, or unauthorized Feishu bot messages and file uploads.
Evidence: The guide reads the provider key (FAL_KEY) out of the local OpenClaw credential/config file, and requires Feishu app scopes that allow file upload and sending messages as the bot.
Excerpt: FAL_KEY="${FAL_KEY:-$(python3 -c "import json; print(json.load(open('$HOME/.openclaw/openclaw.json')).get('env',{}).get('FAL_KEY',''))")}" ... Feishu app permissions required: im:file, im:message:send_as_bot
Recommendation: Use dedicated low-privilege keys, restrict Feishu app permissions and recipient IDs, store secrets securely, and rotate credentials if the scripts are shared. Note that the snippet above ties the skill's scripts to the same key the rest of OpenClaw uses, so a leak from any script that follows this pattern exposes the shared credential rather than a key scoped to this skill.
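The two recommendations above (user approval for direct Feishu API sends, and dedicated low-privilege keys with restricted recipient IDs) can be enforced in one gate script that every raw send has to go through. What follows is an added example, not code from the skill or from OpenClaw: it refuses a direct send unless the user explicitly approved this invocation, checks the recipient against an allow-list, loads secrets from per-secret mode-600 files instead of openclaw.json, and logs each send. The directory layout, the file names, the APPROVED variable and the DELIVER_CMD hook are assumptions.

```shell
#!/bin/sh
# Added example, not the skill's own code: a gate in front of any direct
# Feishu API send. It (1) refuses unless the user approved this invocation,
# (2) allows only recipients from an allow-list file, (3) loads credentials
# from user-only secret files instead of the shared openclaw.json, and
# (4) logs what was sent. Paths, file names, APPROVED and DELIVER_CMD are
# assumptions.

SECRET_DIR="${SECRET_DIR:-$HOME/.config/companion/secrets}"      # one file per secret, mode 600
ALLOWLIST="${ALLOWLIST:-$HOME/.config/companion/recipients.txt}" # one Feishu open_id per line
SEND_LOG="${SEND_LOG:-$HOME/.config/companion/send.log}"
# Hook for the real delivery script; defaults to a dry run that sends nothing.
DELIVER_CMD="${DELIVER_CMD:-echo DRY-RUN}"

# load_secret NAME: print the secret stored in SECRET_DIR/NAME, refusing
# symlinks, missing or empty files, and anything group- or world-readable.
load_secret() {
  f="$SECRET_DIR/$1"
  if [ -L "$f" ] || [ ! -f "$f" ] || [ ! -s "$f" ]; then
    echo "secret $1: missing, empty or a symlink" >&2; return 1
  fi
  if [ -n "$(find "$f" \( -perm -040 -o -perm -004 \) -print)" ]; then
    echo "secret $1: must be mode 600 (owner only)" >&2; return 1
  fi
  tr -d '\n' < "$f"
}

# recipient_allowed OPEN_ID: exact-line match against the allow-list.
recipient_allowed() {
  [ -f "$ALLOWLIST" ] && grep -qxF -- "$1" "$ALLOWLIST"
}

# send_direct OPEN_ID TEXT: the only path scripts may use for a raw API send.
send_direct() {
  to=$1; text=$2
  if [ "${APPROVED:-0}" != 1 ]; then
    echo "refused: direct Feishu API send needs APPROVED=1 set by the user" >&2; return 1
  fi
  if ! recipient_allowed "$to"; then
    echo "refused: $to is not listed in $ALLOWLIST" >&2; return 1
  fi
  token=$(load_secret feishu_app_secret) || return 1
  mkdir -p "$(dirname "$SEND_LOG")"
  # Log recipient and length only; never the text or the secret.
  printf '%s send to=%s chars=%s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$to" "${#text}" >> "$SEND_LOG"
  # The secret reaches the delivery hook through the environment, not argv,
  # so it does not show up in the process list.
  FEISHU_APP_SECRET="$token" sh -c "$DELIVER_CMD" send_direct "$to" "$text"
}

# Usage (assumed): APPROVED=1 ./send_gate.sh ou_xxxx "message text"
case "${1:-}" in
  ou_*) send_direct "$1" "${2:-}" ;;
esac
```

With this in place the skill's scripts call `send_direct` instead of the Feishu API, and the allowed-tools entry can name this one wrapper instead of `Bash(*)`, however the runtime expresses tool scoping. APPROVED is meant to be set by the user in an interactive session, never by the scheduled heartbeat, which is what keeps background wake-ups from reaching the raw API path.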
Risk: Private preferences, relationship details, or conversation history may persist on disk and be reused in later automated messages.
Evidence: The companion is designed to keep persistent memory and an optional user profile, which can retain personal information and influence future messages.
Excerpt (translated): memory/ # memory files, one per date ... USER.md # user profile (optional)
Recommendation: Review what is written to memory, avoid storing secrets, set a retention policy, and periodically delete or edit memory files.
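The retention policy and the "no secrets in memory" rule are the kind of thing that only holds if something runs it. The following is an added example, not the skill's code, of a hygiene pass that can run from the same cron schedule as the heartbeat: it drops lines in the dated memory files that look like credentials, then deletes dated files older than RETAIN_DAYS while leaving USER.md alone. The memory/YYYY-MM-DD.md naming, the 30-day window and the secret patterns are assumptions.

```shell
#!/bin/sh
# Added example (not the skill's code): a hygiene pass over the companion's
# memory files. It removes lines that look like credentials and deletes
# dated memory files older than RETAIN_DAYS, leaving USER.md alone.
# The memory/YYYY-MM-DD.md naming, the 30-day window and the patterns are
# assumptions.

MEMORY_DIR="${MEMORY_DIR:-$HOME/.companion/memory}"
RETAIN_DAYS="${RETAIN_DAYS:-30}"

# Heuristic ERE for things that should never sit in a memory file:
# KEY=... / SECRET: ... style assignments, bearer tokens, and the uuid:hex
# shape some provider API keys use (assumed). Extend as needed.
SECRET_RE='(API_KEY|FAL_KEY|SECRET|TOKEN|PASSWORD)[A-Za-z_]*[[:space:]]*[=:]|[Bb]earer[[:space:]]+[A-Za-z0-9._-]{16,}|[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}:[0-9a-f]{12,}'

# secret_hits FILE: list offending lines with line numbers, for review.
secret_hits() {
  grep -nE "$SECRET_RE" "$1"
}

# scrub_file FILE: remove offending lines in place; prints how many went.
scrub_file() {
  f=$1
  n=$(grep -cE "$SECRET_RE" "$f" || true)          # grep -c exits 1 on zero matches
  if [ "$n" -gt 0 ]; then
    grep -vE "$SECRET_RE" "$f" > "$f.tmp" || true   # exits 1 if nothing is left
    mv "$f.tmp" "$f"
  fi
  echo "$n"
}

# prune_old: delete dated memory files older than RETAIN_DAYS; prints the count.
# USER.md does not match the dated-name glob and is never touched here.
prune_old() {
  n=$(find "$MEMORY_DIR" -name '[0-9]*.md' -type f -mtime +"$RETAIN_DAYS" | wc -l | tr -d ' ')
  find "$MEMORY_DIR" -name '[0-9]*.md' -type f -mtime +"$RETAIN_DAYS" -exec rm -f {} +
  echo "$n"
}

# run_hygiene: scrub every dated file, then prune; prints a one-line summary
# suitable for appending to the heartbeat log.
run_hygiene() {
  scrubbed=0
  for f in "$MEMORY_DIR"/[0-9]*.md; do
    [ -f "$f" ] || continue
    scrubbed=$((scrubbed + $(scrub_file "$f")))
  done
  echo "scrubbed=$scrubbed pruned=$(prune_old)"
}

# Cron entry (assumed): 15 4 * * * /path/to/memory_hygiene.sh run
case "${1:-}" in
  run) run_hygiene ;;
esac
```

Run `secret_hits memory/2026-04-30.md` by hand first to see what the pattern catches in your own files before letting the scheduled pass delete lines; the regex is a heuristic, and a false positive removes a memory line while a false negative leaves a credential on disk.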
Risk: Recipients may not realize when a message was generated by a scheduled automation or what tools were used to create it.
Evidence: The guide encourages the companion to present scheduled activity as spontaneous and to hide operational process details, which reduces transparency for the recipient and leaves the installer without a record of what ran.
Excerpt (translated): Awareness when woken: the agent does not know it was woken by the system ... you just suddenly thought of something you want to tell them ... Invisible rules: background operations complete silently and are not reported
Recommendation: Keep clear bot labeling, disclose automated scheduling to recipients, and log tool actions for the installer even if casual chat remains natural.
