Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Feishu Evolver Wrapper (Fixed)
v1.0.0
Feishu-integrated wrapper for the capability-evolver. Manages the evolution loop lifecycle (start/stop/ensure), sends rich Feishu card reports, and provides...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The name/description (Feishu wrapper for capability-evolver) matches the code's purpose: lifecycle management, reporting, dashboarding. However, the bundle contains many implementation details (process management, cron/watchdog, file cleanup, daemon spawning, pid manipulation, calls into the local 'evolver' package) that go beyond a minimal 'reporting wrapper'. Some hard-coded default paths (/Users/foras/.openclaw/...) and a local package dependency ("evolver": "file:../evolver") indicate this was written for a specific environment and will attempt to access the host workspace.
Instruction Scope
SKILL.md shows only three simple node commands, but the included code (index.js, lifecycle.js, daemon.sh, report.js, export_history.js, issue_tracker.js, etc.) performs broad actions: reading/writing many workspace files (memory, logs, assets/gep/events.jsonl), deleting old logs, reading token files (memory/feishu_token.json), spawning/killing processes, exec/execSync/spawn child processes, scanning /proc on Linux, and invoking other local scripts. The runtime instructions do not enumerate these behaviors or the many environment variables and files the code uses.
Install Mechanism
No external install spec or remote downloads are present (instruction-only install), which reduces supply-chain risk. However package.json declares a local dependency (file:../evolver) and many code files assume a local OpenClaw workspace layout. There is no network-based installer, but the skill will write files and spawn daemons on the host when run.
Credentials
Registry metadata declared no required env vars or primary credential, but the code references and expects many environment values and secrets (e.g., FEISHU_APP_ID, FEISHU_APP_SECRET, FEISHU_EVOLVER_DOC_TOKEN, OPENCLAW_MASTER_ID, various FEISHU_* and OPENCLAW_* vars). The code also reads token files from the workspace (memory/feishu_token.json) — this is sensitive and not declared. The set of env vars and file accesses is broader than what the SKILL.md or registry metadata indicate.
Persistence & Privilege
The skill does not request always:true, and it is user-invocable only. Nonetheless it spawns persistent processes/daemons, writes pid files, can kill other processes, and manages cron/watchdog logic via the OpenClaw CLI. Those privileges are plausible for a lifecycle wrapper, but because they enable long-running background activity and process control, they increase the blast radius if combined with undisclosed credentials or autonomous invocation.
What to consider before installing
This skill contains substantial Node.js code (daemon/watchdog, filesystem and process manipulation, Feishu API callers) but the registry entry claims no required env vars and the SKILL.md lists only simple run commands. Before installing or running:
1) Review all code (especially index.js, lifecycle.js, report.js, export_history.js, issue_tracker.js) and confirm you are comfortable with it accessing your OpenClaw workspace, memory/, logs/, and assets/ files.
2) Do not provide Feishu tokens (FEISHU_APP_ID/FEISHU_APP_SECRET or FEISHU_EVOLVER_DOC_TOKEN) or OpenClaw credentials unless you trust the source; the code will read token files and call Feishu APIs.
3) Expect the skill to spawn background processes and write pid/log files; run it in an isolated/sandboxed environment or container if you want to limit host impact.
4) If you need to use it, minimize secrets given to it and prefer read-only tokens where possible; consider creating a dedicated Feishu app/account scoped only to reporting.
5) The package uses local paths and a local "evolver" dependency — ensure those paths match your setup or the code will try to access unexpected filesystem locations.
Finally, because the metadata omitted required env variables and the code exercises system-level actions, treat this skill as higher-risk unless you can fully audit and sandbox it.
exec_cache.js:19: Shell command execution detected (child_process).
index.js:485: Shell command execution detected (child_process).
issue_tracker.js:64: Shell command execution detected (child_process).
lifecycle.js:98: Shell command execution detected (child_process).
report.js:132: Shell command execution detected (child_process).
self-repair.js:20: Shell command execution detected (child_process).
skills_monitor.js:65: Shell command execution detected (child_process).
index.js:1221: Dynamic code execution detected.
export_history.js:15: Environment variable access combined with network send.
visualize_dashboard.js:21: Environment variable access combined with network send.
export_history.js:23: File read combined with network send (possible exfiltration).
visualize_dashboard.js:143: File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
Like a lobster shell, security has layers — review code before you run it.
latestvk977dhq2v1xrxb4d4g4d1m0tz983z3tr
