Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Feishu Cli Auth

v1.0.0

Feishu OAuth authentication and User Access Token management. Two-step non-interactive login (intended for AI agents), token status checks, scope configuration, an automatic refresh mechanism, and the token dependencies of the search feature. Triggered when the user asks to "log in to Feishu" (登录飞书), "get a Token" (获取 Token), "OAuth authorization" (OAuth 授权), "auth login", "authenticate" (认证), "sear...

MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The SKILL.md describes Feishu OAuth and User Access Token management and provides concrete feishu-cli commands and file paths (e.g., ~/.feishu-cli/token.json). That matches the declared purpose. However the registry metadata does not declare the feishu-cli binary as required, nor does it declare env vars that the instructions reference (FEISHU_USER_ACCESS_TOKEN, HTTPS_PROXY). This is an inconsistency between claimed requirements and the actual runtime expectations.
Instruction Scope
Instructions are specific about steps (generate auth URL, have user paste callback URL, run feishu-cli auth callback, persist token to ~/.feishu-cli/token.json). They do not instruct reading unrelated system files or exfiltrating data. But they reference environment variables and token file paths that are not declared in the skill metadata, and they recommend always using a maximal scope set (broad privileges).
Install Mechanism
This is an instruction-only skill with no install spec (lowest install risk). That said, it implicitly requires the feishu-cli binary to be present on PATH—metadata did not list this required binary, which is an omission but not a direct install risk from the skill itself.
Credentials
The SKILL.md advises use of FEISHU_USER_ACCESS_TOKEN and HTTPS_PROXY and instructs persistent storage of Access/Refresh tokens at ~/.feishu-cli/token.json, yet requires.env is empty. The document also recommends always requesting a very large set of scopes (including offline_access and many read/write message/contact scopes) by default—this is a high privilege footprint. Requesting and persisting refresh tokens and broad message/contact scopes is proportionate to token-management functionality but the aggressive default (always max scopes) and undeclared env/credential assumptions are concerning and should be explicit to the user.
Persistence & Privilege
The skill persists tokens to a per-user path (~/.feishu-cli/token.json) which is consistent with its purpose. It does not request always:true or other elevated skill-level privileges, and it does not instruct modification of other skills or global agent configuration. Note that autonomous invocation is allowed by default on the platform—if the agent is permitted to call this skill automatically it could refresh tokens without interactive confirmation; combine that with the broad scopes and the risk increases.
What to consider before installing
This skill's instructions align with Feishu OAuth/token management, but it omits important runtime assumptions and recommends highly privileged defaults. Before installing:

1) Confirm you have a trusted feishu-cli binary (source/version) on the system—the skill assumes it exists but the metadata doesn't list it.
2) Be aware the skill will store Access/Refresh tokens at ~/.feishu-cli/token.json (sensitive data); review that file's permissions.
3) Consider reducing the default scopes rather than accepting the 'maximum scope' recommendation (offline_access + broad message/contact scopes grant wide access).
4) If you do not want automatic token refreshes or agent-initiated access, restrict autonomous invocation or review how the agent is allowed to call the skill.
5) Ask the publisher to update metadata to list required binaries and env vars (FEISHU_USER_ACCESS_TOKEN, HTTPS_PROXY if used) so the runtime requirements are explicit.

If you cannot verify the origin of feishu-cli or the skill, avoid installing or only run it in a controlled environment.



