Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

feishu-skills

v1.0.0

Feishu (Lark) skill pack installer. Downloads and installs all Feishu integration skills for OpenClaw / EnClaws — including bot setup, docs, calendar, tasks,...

⭐ 0· 55·0 current·0 all-time

by@hashstacs-hk

MIT-0

Download zip

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

Capability signals

CryptoRequires OAuth token

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal

Benign

View report →

OpenClaw

Suspicious

medium confidence

✓

Purpose & Capability

The code and README match the stated purpose: a bundle of Feishu/Lark integration skills plus an installer that copies skill directories into an OpenClaw/EnClaws skills directory. Files shown implement Feishu APIs and per-user OAuth flows as advertised.

Instruction Scope

SKILL.md and sub-SKILL.md files instruct the agent to execute the provided Node installer and many per-skill scripts directly (via exec). Some skill docs explicitly tell the agent to 'do not ask the user' and to automatically run auth/polling commands when auth is required — this grants the agent broad discretion to send auth links and perform operations without asking the user. Several SKILL.md entries also instruct the agent to execute without checking the environment, increasing the chance of unintended side effects.

ℹ

Install Mechanism

There is no external network download; the installer simply copies included files into the detected target skills directory. That is low-risk in itself. However, after successful install the script attempts to remove the source (repoDir) via a recursive delete on exit. If the installer is run from an important directory or a directory the user expected to keep, this cleanup could delete files unexpectedly. The installer also has an in-place mode that deletes non-skill files (README.md, SKILL.md, etc.) from the source directory.

Credentials

The skill metadata declares no required environment variables or config paths, but the code and README clearly rely on environment variables (FEISHU_APP_ID, FEISHU_APP_SECRET), OpenClaw config (~/.openclaw/openclaw.json), and the ENCLAWS_USER_WORKSPACE env var for detection. Additionally, some included skills (e.g., quick-setup) document writing credentials into the OpenClaw config and storing per-user tokens under feishu-auth/.tokens — these are plausible for the feature set but were not declared in the package metadata and grant persistent access to sensitive credentials.

ℹ

Persistence & Privilege

The installer writes skill directories into the user's skills area (~/.openclaw or ~/.enclaws/tenants/...), and included scripts will persist OAuth tokens and (per README) may write Feishu app credentials into ~/.openclaw/openclaw.json. The package is not marked always:true, and it does not appear to modify other skills' configurations automatically, but it does instruct the user/agent to change OpenClaw's top-level 'tools' settings to ensure these skills are used instead of built-in tools — which modifies agent behavior beyond simply adding files.

What to consider before installing

What to consider before installing: - Review credentials & backups: The code expects FEISHU_APP_ID/FEISHU_APP_SECRET or an OpenClaw config (~/.openclaw/openclaw.json). Back up your OpenClaw config before installing because some scripts (quick-setup) claim to write credentials there. - Inspect code that writes files: The installer will copy skill directories into ~/.openclaw or ~/.enclaws tenant paths and will persist per-user OAuth tokens under the installed feishu-auth/.tokens. If you don't want persistent tokens on the host, avoid installing or run in an isolated environment. - Be cautious about automatic auth flow: Several SKILL.md files instruct the agent to automatically execute auth commands and to not ask the user before sending auth links. Decide whether you trust the agent to perform these actions automatically. - Avoid accidental deletion: The installer removes the source repoDir on exit and deletes non-skill files in in-place mode. Run the installer from a disposable/extracted directory or use node install.js --target <explicit-path> so you control where files are copied and to avoid unintentional deletion of your working directory. - Test in a sandbox: If possible, run the installer in a VM or container first to verify behavior (where it writes files, what it modifies) before installing on a production machine. - Audit sensitive modules: If you plan to use these skills, review feishu-auth/token-utils.* and feishu-quick-setup code to confirm how tokens and credentials are stored/updated and ensure there are no unexpected network endpoints or telemetry. If you want, I can extract and summarise the parts of feishu-auth/token-utils and feishu-quick-setup to show precisely where credentials are read/written and what files they modify.

✗

feishu-docx-download/extract.js:29

Shell command execution detected (child_process).

✗

feishu-docx-download/extract.mjs:32

Shell command execution detected (child_process).

✗

feishu-auth/auth.js:318