feishu-bot-ops
Review
Audited by ClawScan on May 11, 2026.
Overview
This Feishu bot operations skill is mostly purpose-aligned, but it recommends a broad authorization bypass and includes forceful recovery commands that users should review before running.
Install this only if you administer the Hermes Feishu bot. Before using the one-click recovery script or suggested settings, review the process-kill behavior, protect the Feishu app secret, and avoid leaving `GATEWAY_ALLOW_ALL_USERS=true` or broad bot-to-bot settings enabled in production.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
People who were previously blocked by the bot gateway may be able to send commands or interact with the agent.
The skill recommends solving authorization blocks by disabling the gateway user allowlist. That may be useful for debugging, but it can also let unintended Feishu users interact with the bot if left enabled.
`GATEWAY_ALLOW_ALL_USERS` ... `set to true to skip the gateway-level user allowlist` and `Unauthorized→GATEWAY_ALLOW_ALL_USERS=true`
Prefer a targeted allowlist or group/user permission fix. If this setting is used for emergency debugging, document it, limit the exposure, and revert it after confirming the root cause.
Running the script may terminate active bot sessions, drop in-flight work, or affect multiple Hermes gateway instances on the same machine.
The one-click recovery script force-kills Hermes gateway processes, deletes Feishu gateway lock files, and starts a new background gateway. This is purpose-aligned for recovery but can interrupt active service.
for pid in $(pgrep -f 'hermes.*gateway' 2>/dev/null); do
kill -9 "$pid" ...
rm -f "$LOCK_DIR"/feishu-app-id-*.lock
hermes gateway run 2>&1 &
Run it only when you are intentionally recovering the gateway. Check affected processes first, prefer graceful shutdown where possible, and back up relevant config/state.
A future package change or compromised dependency could affect the Hermes environment where the bot runs.
The script installs the Feishu SDK from the package index without a pinned version. This is expected for a Feishu integration, but it makes the result depend on the current external package state.
"$HERMES_VENV/bin/python" -m pip install -q lark-oapi 2>&1
Pin and review the package version in production, and install from a trusted package index or internal mirror.
The Feishu app secret can be used to obtain tenant access tokens, so accidental disclosure could expose bot/API access.
The skill expects local Feishu app credentials for recovery/API debugging, although the registry metadata declares no required environment variables. The use is purpose-aligned and no leakage is shown.
Before use, make sure `FEISHU_APP_ID` and `FEISHU_APP_SECRET` are configured in `~/.hermes/.env`.
Keep `.env` private, avoid pasting secrets into chat or logs, and ensure the Feishu app has only the permissions needed for this bot.
Other bots may be able to initiate or amplify interactions, which can cause loops or unintended cross-bot actions if permissions are not constrained.
The skill documents enabling bot-to-bot message handling. This is central to its bot collaboration purpose, but using `all` can allow other bots to trigger this bot more broadly.
`FEISHU_ALLOW_BOTS=mentions # or all. The default none silently rejects all bot messages`
Use `mentions` instead of `all` unless there is a clear need, restrict participating bots/groups, and monitor for loops or unexpected automated messages.
