Feishu Whiteboard Extract

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill is coherently focused on Feishu whiteboard extraction/export, but it uses Feishu app credentials and writes downloaded/exported files locally, so users should install it only with least-privilege Feishu access.

Before installing, confirm you are comfortable giving this skill access to the configured Feishu app credentials and any whiteboards shared with that app. Run it only for specific whiteboard IDs, keep exports/downloads in a controlled local directory, and verify dependencies are installed from a trusted source.

Static analysis

Env credential access (Critical)

Finding: Environment variable access combined with network send.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse (Medium)
What this means

The skill can access Feishu whiteboards and media that the configured Feishu app is allowed to view.

Why it was flagged

The skill loads Feishu app credentials from environment variables or ~/.openclaw/openclaw.json and sends them to Feishu to obtain a tenant access token. This is expected for Feishu API access, but it grants access according to the app/bot permissions.

Skill content
const envAppId = process.env.FEISHU_APP_ID;
const envAppSecret = process.env.FEISHU_APP_SECRET;
...
const cfgAppSecret = config?.channels?.feishu?.appSecret;
...
body: JSON.stringify({ app_id: appId, app_secret: appSecret })
Recommendation

Use a least-privilege Feishu app, share only the needed whiteboards with the bot/app, and ensure the credential requirement is understood before running the scripts.

ASI02: Tool Misuse and Exploitation (Low)
What this means

Downloaded Feishu media may be stored locally, and a mistaken output path could overwrite or expose files in the agent's accessible filesystem.

Why it was flagged

The download helper writes media to a user-supplied path or a default local directory. This is purpose-aligned, but file-writing tools can overwrite or place sensitive content in unintended locations if paths are chosen carelessly.

Skill content
const savePath = process.argv[3];
...
const finalPath = savePath || path.join(outputDir, `${fileToken}.png`);
const savedPath = await downloadMedia(token, fileToken, finalPath);
Recommendation

Keep outputs in a dedicated workspace or appendix directory, avoid privileged/system paths, and review paths before allowing automated runs.

ASI04: Agentic Supply Chain Vulnerabilities (Low)
What this means

A dependency install performed outside a trusted package source could increase supply-chain risk.

Why it was flagged

The dependency is the expected Feishu/Lark SDK and has integrity metadata, but the lockfile points to an HTTP mirror and the skill source is unknown, so dependency provenance deserves attention.

Skill content
"resolved": "http://mirrors.tencentyun.com/npm/@larksuiteoapi/node-sdk/-/node-sdk-1.59.0.tgz",
"integrity": "sha512-sBpkruTvZDOxnVtoTbepWKRX0j1Y1ZElQYu0x7+v088sI9pcpbVp6ZzCGn62dhrKPatzNyCJyzYCPXPYQWccrA=="
Recommendation

Install dependencies from trusted registries, honor lockfile integrity checks, and avoid replacing the locked SDK with unreviewed versions.