Skill v1.0.0

ClawScan security

feishu-skills · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Apr 6, 2026, 2:42 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini

Summary
The package appears to be a genuine Feishu skill pack installer, but there are several inconsistencies and risky instructions (undeclared environment/config dependencies, automatic auth behavior, and a cleanup step that can delete the source directory) that warrant caution before installing.
Guidance
What to consider before installing:

- Review credentials & backups: The code expects FEISHU_APP_ID/FEISHU_APP_SECRET or an OpenClaw config (~/.openclaw/openclaw.json). Back up your OpenClaw config before installing because some scripts (quick-setup) claim to write credentials there.
- Inspect code that writes files: The installer will copy skill directories into ~/.openclaw or ~/.enclaws tenant paths and will persist per-user OAuth tokens under the installed feishu-auth/.tokens. If you don't want persistent tokens on the host, avoid installing or run in an isolated environment.
- Be cautious about automatic auth flow: Several SKILL.md files instruct the agent to automatically execute auth commands and to not ask the user before sending auth links. Decide whether you trust the agent to perform these actions automatically.
- Avoid accidental deletion: The installer removes the source repoDir on exit and deletes non-skill files in in-place mode. Run the installer from a disposable/extracted directory or use node install.js --target <explicit-path> so you control where files are copied and to avoid unintentional deletion of your working directory.
- Test in a sandbox: If possible, run the installer in a VM or container first to verify behavior (where it writes files, what it modifies) before installing on a production machine.
- Audit sensitive modules: If you plan to use these skills, review feishu-auth/token-utils.* and feishu-quick-setup code to confirm how tokens and credentials are stored/updated and ensure there are no unexpected network endpoints or telemetry.

If you want, I can extract and summarise the parts of feishu-auth/token-utils and feishu-quick-setup to show precisely where credentials are read/written and what files they modify.

Review Dimensions

Purpose & Capability
Status: ok
The code and README match the stated purpose: a bundle of Feishu/Lark integration skills plus an installer that copies skill directories into an OpenClaw/EnClaws skills directory. Files shown implement Feishu APIs and per-user OAuth flows as advertised.
Instruction Scope
Status: concern
SKILL.md and sub-SKILL.md files instruct the agent to execute the provided Node installer and many per-skill scripts directly (via exec). Some skill docs explicitly tell the agent to 'do not ask the user' and to automatically run auth/polling commands when auth is required — this grants the agent broad discretion to send auth links and perform operations without asking the user. Several SKILL.md entries also instruct the agent to execute without checking the environment, increasing the chance of unintended side effects.
Install Mechanism
Status: note
There is no external network download; the installer simply copies included files into the detected target skills directory. That is low-risk in itself. However, after a successful install the script attempts to remove the source (repoDir) via a recursive delete on exit. If the installer is run from an important directory or a directory the user expected to keep, this cleanup could delete files unexpectedly. The installer also has an in-place mode that deletes non-skill files (README.md, SKILL.md, etc.) from the source directory.
Credentials
Status: concern
The skill metadata declares no required environment variables or config paths, but the code and README clearly rely on environment variables (FEISHU_APP_ID, FEISHU_APP_SECRET), OpenClaw config (~/.openclaw/openclaw.json), and the ENCLAWS_USER_WORKSPACE env var for detection. Additionally, some included skills (e.g., quick-setup) document writing credentials into the OpenClaw config and storing per-user tokens under feishu-auth/.tokens — these are plausible for the feature set but were not declared in the package metadata and grant persistent access to sensitive credentials.
Persistence & Privilege
Status: note
The installer writes skill directories into the user's skills area (~/.openclaw or ~/.enclaws/tenants/...), and included scripts will persist OAuth tokens and (per README) may write Feishu app credentials into ~/.openclaw/openclaw.json. The package is not marked always:true, and it does not appear to modify other skills' configurations automatically, but it does instruct the user/agent to change OpenClaw's top-level 'tools' settings to ensure these skills are used instead of built-in tools — which modifies agent behavior beyond simply adding files.