Feishu Evolver Wrapper (Fixed)
Warn. Audited by ClawScan on May 10, 2026.
Overview
The skill matches its Feishu evolver-reporting purpose, but it also runs a self-healing background evolver, uses undeclared Feishu tokens, and contains raw/dynamic command execution that needs review.
Review before installing. Use this only if you intentionally want a persistent Feishu-connected evolver, are comfortable with Feishu token use and log uploads, and can verify how to stop the daemon/watchdog. Prefer running it in a sandboxed workspace until the shell execution, dynamic parsing, credential declarations, and metadata provenance are cleaned up.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The evolver may continue running and restarting in the background, potentially making changes or sending reports after the user expected the task to be over.
The skill intentionally establishes self-healing persistence for the evolver loop. That is purpose-aligned, but it can keep agent evolution/reporting activity running after the immediate task unless the user clearly controls and stops it.
**Watchdog**: Managed via OpenClaw Cron job `evolver_watchdog_robust` (runs `lifecycle.js ensure` every 10 min). ... Ensures the loop restarts if it crashes or hangs.
Install only if you want a persistent evolver. Verify the stop/disable command, check cron/watchdog state, and require explicit user approval before starting or ensuring the daemon.
If attacker-controlled or model-generated text reaches this parser, it could run code in the local OpenClaw workspace.
This executes a constructed JavaScript string. Without full proof that `sanitized` is trusted and strictly constrained, this is materially risky in a long-running evolver wrapper.
const parsed = new Function('return (' + sanitized + ')')();
Replace dynamic evaluation with `JSON.parse` or a strict schema parser, and document any unavoidable code execution with strong input validation.
A crafted environment variable or saved token value could cause unintended local commands to run under the user's account.
An environment-derived value is interpolated into a shell command. Similar shell construction is used for document append operations, creating command-injection risk if env/state values are influenced.
const grantArg = masterId ? ` --grant "${masterId}"` : ''; const result = execSync(`node "${CREATE_SCRIPT}" --title "Evolver Issue Tracker"${grantArg}`, ...);
Use `spawn`/`execFile` with argument arrays, validate Feishu IDs/tokens, avoid shell strings, and require approval for high-impact command paths.
The skill can act through the user's Feishu integration and write to Feishu documents using stored account tokens.
The code reads a local Feishu access token, while the registry metadata declares no primary credential or required env vars. This is expected for Feishu integration but under-declared and high-impact.
const TOKEN_FILE = path.join(WORKSPACE_ROOT, 'memory', 'feishu_token.json'); ... token = JSON.parse(fs.readFileSync(TOKEN_FILE)).token;
Declare all Feishu credentials and token files, document required scopes, and allow users to opt in to token use and revoke access.
Evolution logs may contain prompts, errors, filenames, or other private workspace details that would be copied into Feishu.
The script reads a local evolution log and posts chunks to a Feishu document. This matches the documented export-history feature, but the data boundary is sensitive.
const LOG_FILE = path.join(WORKSPACE_ROOT, 'memory', 'mad_dog_evolution.log'); ... fetch(`https://open.feishu.cn/open-apis/docx/v1/documents/${DOC_TOKEN}/blocks/${DOC_TOKEN}/children`, ... body: JSON.stringify({ children: blocks }))
Preview and redact history before export, document the target document clearly, and avoid automatic exports without user confirmation.
Users may not be able to verify exactly which package lineage or version they are installing.
The embedded metadata conflicts with the provided registry metadata, which lists a different owner, slug, and version. For a persistent evolver wrapper, this provenance inconsistency matters.
"ownerId": "kn7apafdj4thknczrgxdzfd2v1808svf", "slug": "feishu-evolver-wrapper", "version": "1.7.1"
Align registry and embedded metadata, publish a source/homepage link, and pin or document local sibling dependencies such as the evolver and Feishu helper skills.
