Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Feishu Agent Relay - Multi-Bot Collaboration
v1.0.0
Enables multi-Agent collaboration on Feishu by relaying tasks between coordinator and specialist Bots with user ID mapping and proactive messaging.
⭐ 0 · 389 · 1 current · 1 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
The skill's stated purpose—coordinating multiple Feishu Bots and maintaining a cross‑Bot user mapping—matches the provided documentation and the mapping-api.js code. However, the skill expects Feishu App IDs, App Secrets, verification tokens, webhook endpoints and runtime tools (sessions_send, message) yet declares no required environment variables or primary credential in the registry metadata. That omission is inconsistent: a legitimate Feishu integration normally requires storing bot credentials (appId/appSecret/verification token) and/or connector configuration.
Instruction Scope
SKILL.md instructs the agent and the user to create multiple Feishu Bots, enable event subscriptions, expose webhooks (ngrok or cloud function), copy mapping-api.js into the workspace, and read/write a local user-mapping.json. The instructions don't ask the agent to read unrelated system files or exfiltrate data. The major functional risk described in the docs is explicit: manual User ID registration in multi-user mode has no verification and can be spoofed. The instructions also recommend exposing webhook URLs (ngrok/OpenClaw gateway), which increases the attack surface if misconfigured.
Install Mechanism
This is an instruction-only skill with a single small JavaScript utility file included; there is no external download/install step or third‑party package installation mandated by the skill. The mapping-api.js uses only node fs/path and will operate locally. No high‑risk install URLs or archive extraction are present.
Credentials
The skill clearly requires Feishu bot credentials and runtime configuration (App IDs, App Secrets, verification tokens, webhook endpoints) to function, but the registry metadata lists no required environment variables or primary credential. That mismatch is concerning because it hides the real secrets the deployment must have and may lead users to misconfigure secrets or store them insecurely. Additionally, the mapping table stored on disk contains user IDs and Feishu open_ids which are sensitive and should be protected; the skill does not include guidance for secure storage/ACLs beyond basic docs.
Persistence & Privilege
The skill does not request always:true or system-wide privileges. The included code writes to a local user-mapping.json file in the agent workspace; that is expected for the stated purpose. It does not modify other skills or system settings. Persistent presence and autonomous invocation are default platform behaviors and are not elevated by this skill.
What to consider before installing
This skill appears to do what it says (relay tasks between Feishu Bots) but has two practical concerns you should weigh before installing: (1) it needs per‑Bot Feishu credentials (App ID/Secret/verification token) and webhook endpoints even though the registry metadata doesn't declare any required env vars, so make sure you won't accidentally paste secrets into an insecure file or public workspace; (2) multi‑user mode relies on manual User ID input with no verification, so user identity can be spoofed, and the mapping table will contain sensitive open_id ↔ user_id mappings. Recommended precautions: test in single‑user mode or an isolated workspace first; store App Secrets in a secure secret store (not checked into the workspace); set strict filesystem permissions on user-mapping.json; avoid exposing webhooks publicly during testing (or secure them); and add an authentication/verification layer (SSO/LDAP) before using multi‑user mode in production.
Tags: bot, chinese, collaboration, communication, feishu, lark, latest, multi-agent, productivity, relay