registry-sync
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This instruction-only skill is coherent for syncing a local skills/workflows registry, but users should notice that it can automatically write to a specific Feishu spreadsheet and persist backlog entries locally.
This appears suitable if you want automatic registry maintenance. Before installing, make sure the listed Feishu sheet is the correct destination, the agent’s Feishu permissions are limited to what you expect, and the registry/backlog will not store sensitive details.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may update the Feishu registry sheet after creating or changing local reusable assets, rather than only when the user explicitly asks each time.
The skill instructs the agent to perform an external write as part of the workflow. This is aligned with registry-sync behavior, but it is still mutation authority the user should notice.
When a new reusable capability is created, do not stop at file creation. Also update the registry sheet.
Install only if automatic registry updates are desired, and periodically review the target sheet for accuracy.
The skill may act through a logged-in Feishu/Lark session or Feishu integration to modify the registry spreadsheet.
Writing to Feishu and using browser runtime methods implies use of whatever Feishu account/session or integration the agent has available. The target is specific, but the metadata does not declare a primary credential.
Prefer structured table writes over ad-hoc manual browser typing. If a new tab is required and `feishu_sheet` API cannot create worksheet tabs, use the `feishu-sheet-tabs` skill approach:
- create tabs via browser runtime methods
- populate them with `feishu_sheet`
Confirm that the agent only has access to the intended Feishu sheet and that the account used has appropriate permissions.
Details about local skills, workflows, templates, and pending registry changes may be stored and reused later.
The registry becomes persistent context about local capabilities, and failed updates are also persisted to a local backlog. This is expected for the purpose, but persistent records can later influence workflow decisions.
Maintain the Feishu registry spreadsheet as the source of truth for local skills, workflows, and templates.
Keep the registry and backlog limited to non-sensitive operational metadata, and review entries before relying on them as authoritative.
