Skill v1.2.0
ClawScan security
Feishu Contacts · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 5, 2026, 9:55 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill appears to implement the stated Feishu contacts sync/search functionality, but there are inconsistencies between its metadata and runtime instructions, it stores contact PII to a local cache, and the included script has coding issues — so treat it as untrusted until reviewed/tested.
- Guidance: What to consider before installing:
  1) The skill requires you to put Feishu appId/appSecret into ~/.openclaw/openclaw.json — verify you trust the skill code before storing credentials there.
  2) It will download and persist contact data (emails, open_ids, etc.) to ~/.openclaw/.feishu-contacts-cache.json in plaintext; decide whether this local storage is acceptable.
  3) The registry metadata omitted the required config path, which is an inconsistency; prefer skills whose metadata accurately lists required files/credentials.
  4) The included Python script contains minor coding issues (possible syntax/logic bugs) — test it in a safe environment before using in production.
  5) If you do not want the agent to call this skill autonomously, restrict agent permissions or disable autonomous invocation.
  If you need help auditing the full script for bugs or hidden network calls, consider sharing the complete file for review.
Review Dimensions
- Purpose & Capability (note)
  - Name/description match the implementation: the script syncs from Feishu Open API and provides search/list/get operations. However, registry metadata did not declare the required config path (~/.openclaw/openclaw.json) even though SKILL.md and the script require it for appId/appSecret. The metadata and SKILL.md both require python3 and pypinyin, which is proportionate.
- Instruction Scope (note)
  - SKILL.md and the script instruct the agent to read ~/.openclaw/openclaw.json for Feishu app credentials and to write a persistent cache at ~/.openclaw/.feishu-contacts-cache.json. Those actions are consistent with syncing/searching contacts, but they do cause local persistence of potentially sensitive contact data. The instructions do not call out unexpected remote endpoints (they use open.feishu.cn), nor do they attempt to read unrelated system files. The explicit requirement to place secrets in a home config file should be noted.
- Install Mechanism (ok)
  - No install spec is provided (instruction-only with an included script). This minimizes supply-chain risk compared to arbitrary downloads. The skill does include a Python script that will be executed when invoked.
- Credentials (concern)
  - The skill requests no environment variables, but it requires access to a local config file (~/.openclaw/openclaw.json) that must contain Feishu appId/appSecret. The registry metadata failed to declare this required config path, which is an inconsistency. Also, the cache file stores user emails/IDs/possibly phone numbers locally in plaintext — this is expected for a contacts tool but is high-value sensitive data and should be protected.
- Persistence & Privilege (ok)
  - The skill is not marked always:true and does not request elevated system privileges. It persists a cache file in the user's home directory and reads/writes its own files under ~/.openclaw, which is normal for this purpose. Autonomous invocation is enabled by default (platform default); this is not in itself flagged, but you should be aware an agent could call the skill unless you restrict it.
