Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Feishu Assistant

v1.1.1

Feishu assistant for sending images to the Feishu platform. Use this skill when the user needs to send generated images to Feishu (direct message or group chat). Supports sending images via user_id, open_id or chat_id.

by kinggu@gushenjie
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Benign
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (send images to Feishu) matches the included script: it uploads an image and sends or replies to messages via the official open.feishu.cn API endpoints. Needing an App ID/App Secret is expected for this capability, but the registry metadata lists no required env vars or primary credential — that's inconsistent with the actual code and SKILL.md.
Instruction Scope (flagged)
SKILL.md and scripts instruct the agent to auto-read credentials from environment variables or from the OpenClaw main config at ~/.openclaw/openclaw.json. This is reasonable for convenience, but the instructions give the skill implicit permission to read a user’s global OpenClaw config (not declared in metadata) which may contain other channels/credentials. The script only calls Feishu endpoints (no other external endpoints) and only uploads the provided image, so there is no obvious exfiltration to unknown domains.
Install Mechanism
There is no install spec (instruction-only plus a small Python script). Nothing is downloaded from external or untrusted URLs. The script uses the requests library which may need to be present in the runtime environment but no installer is provided — low install-surface risk.
Credentials (flagged)
The code requires FEISHU_APP_ID and FEISHU_APP_SECRET (or the OpenClaw config file) to operate, which is appropriate for a Feishu integration. However the skill metadata declares 'Required env vars: none' and 'Required config paths: none' while the runtime instructions and script explicitly read those values. This mismatch is the main proportionality concern because the skill will access user credentials/config without that being declared in the registry metadata.
Persistence & Privilege
The skill is not marked always:true, does not modify other skills or system-wide settings, and does not persist new credentials beyond reading them. Autonomous invocation is allowed (platform default) but combined with the above undeclared credential access it increases the need for caution.
What to consider before installing
This skill's code does what it says (uploads and sends images to Feishu), but it will look for FEISHU_APP_ID / FEISHU_APP_SECRET or read your ~/.openclaw/openclaw.json even though the registry metadata claims 'no required config'. Before installing, review and confirm you are comfortable with the skill reading your OpenClaw config and providing it Feishu credentials. Consider:
(1) Inspect ~/.openclaw/openclaw.json to see what will be read;
(2) Prefer setting FEISHU_APP_ID/FEISHU_APP_SECRET in a dedicated environment rather than relying on a global OpenClaw config;
(3) If you have sensitive credentials in your OpenClaw config, avoid granting this skill access or run it in an isolated account/environment;
(4) Optionally run the script locally first to validate behaviour and network calls, and ensure you trust the skill owner before giving it production credentials.
