Back to skill
Skillv1.0.0
VirusTotal security
feishu-skills · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 6, 2026, 3:01 AM
- Hash
- 2342399b32a1cf5d56e0926d825409953a2f0aef0dd3670e6462f9c701f4897e
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: feishu-skills Version: 1.0.0 The skill bundle is a comprehensive and well-architected Feishu (Lark) integration for OpenClaw. It implements secure OAuth Device Flow for per-user authorization, with tokens stored locally using AES-256-GCM encryption (feishu-auth/token-utils.js). A significant security feature is the use of 'DATA_WARNING' prefixes in text extraction and OCR outputs (extract.js, ocr.js) to prevent the AI agent from interpreting document content as system instructions (indirect prompt injection). While the extraction utility dynamically installs npm dependencies via execSync, the package names are hardcoded, and the behavior is consistent with the stated goal of providing a zero-config installation experience. All network communication is directed to official Feishu/Lark domains (feishu.cn, larksuite.com).
- External report
- View on VirusTotal