Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Feishu Voice
v1.0.0 Implements upload and download of Feishu voice messages, speech-to-text and text-to-speech, with support for integration with the ElevenLabs voice service.
⭐ 0 · 544 · 2 current · 2 all-time
by @godzff
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill claims to implement Feishu voice upload/download, STT, and TTS using ElevenLabs. The ElevenLabs API key is declared in skill.json and SKILL.md, which is expected. However, the runtime instructions require a Feishu app_id/app_secret (to obtain a tenant_access_token) and use of the Node.js Lark SDK, but the skill's manifest does not declare any required Feishu credentials or Node/runtime requirements. Requiring Feishu credentials is reasonable for the stated purpose, but failing to declare them in metadata is an inconsistency that could lead to unmet setup expectations or accidental secret exposure.
Instruction Scope
SKILL.md gives concrete shell/Node.js steps: fetching a tenant_access_token with app_id/app_secret, downloading message resources, calling ElevenLabs speech-to-text and TTS endpoints, converting audio with ffmpeg, and uploading via the Lark SDK. All network calls go to expected endpoints (open.feishu.cn and api.elevenlabs.io). However, the instructions recommend running system package installs (apt-get install ffmpeg) and reference a root workspace path (/root/.openclaw/workspace/). They also mention using app credentials inline (no guidance on secure storage). These runtime actions expand scope to system-level operations and require care with privileges and secret handling.
Install Mechanism
There is no declared install spec (instruction-only skill), which is low risk by itself. But SKILL.md instructs executing apt-get update && apt-get install -y ffmpeg to obtain ffmpeg. That is a system package install step the agent/operator would need to perform; it is not encoded in the skill manifest and requires elevated privileges on many hosts. No URLs, archive downloads, or obscure installers are present.
Credentials
skill.json and SKILL.md declare ELEVENLABS_API_KEY (appropriate). But SKILL.md also requires a Feishu app_id/app_secret and Node.js credentials (appId/appSecret) for the upload/send flow, yet those environment variables are not listed in the manifest's required env or primary credential. This mismatch is problematic: the skill needs Feishu credentials to function but does not declare them, which can lead to unclear setup and ad-hoc credential handling. The skill also references storing temporary files under /root/.openclaw/workspace/, which raises questions about file-permission expectations.
Persistence & Privilege
The skill is not marked always:true, does not request persistent presence, and contains no code that modifies other skills or global agent settings. It only provides runtime instructions and example code snippets. There is no indication of self-enablement or privileged persistence.
What to consider before installing
This skill appears to do what it says (Feishu <-> ElevenLabs voice flows) but has some implementation and setup gaps you should address before installing or running it:
- Feishu credentials: SKILL.md requires app_id/app_secret (used to obtain tenant_access_token) and the Node.js sample uses appId/appSecret, but the manifest does not declare or document these environment variables. Treat this as required credentials and only provide them after verifying who/what will store and use them.
- ELEVENLABS key: The skill expects ELEVENLABS_API_KEY — keep it in a secure secret store, monitor usage and billing on ElevenLabs.
- System install: The instructions call apt-get install -y ffmpeg. Running apt-get requires appropriate privileges and may not be appropriate on all hosts. If you cannot or do not want to install system packages, arrange an alternative (preinstalled ffmpeg, containerized execution, or use a hosted conversion service).
- Workspace path and file handling: The doc references /root/.openclaw/workspace/ and temporary files. Confirm where temporary media will be stored and ensure least-privilege file paths (avoid using root-owned directories if not necessary).
- Node runtime and dependencies: The Node.js example uses @larksuiteoapi/node-sdk but the manifest doesn't declare runtime requirements. If you plan to run the Node snippet, ensure Node and the SDK are installed securely and that dependency installation is reviewed.
- Operational safety: Because the agent can run instructions, confirm whether the agent will execute commands autonomously. If you do not want autonomous installs or network calls, restrict invocation or require manual approval.
What would increase confidence: a corrected manifest that declares required Feishu env vars (e.g., FEISHU_APP_ID, FEISHU_APP_SECRET, or explicit guidance to use tenant_access_token), explicit runtime requirements (Node, ffmpeg), and clear secure-handling instructions for credentials and temporary files. If you cannot verify these, treat the skill with caution and avoid providing production credentials until you have validated the code in a controlled environment.
