Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
alarm
v1.0.2 Reads Feishu/Lark text or voice messages, detects whether they contain to-dos and deadlines that need a reminder, and automatically picks a somewhat lenient reminder time based on the message's meaning and the time span involved. Suited to Feishu bots handling messages such as "send it to me before 5 today", "remind me tomorrow at 3 pm", or a voice message saying "remember to submit before Friday". Supports first transcribing voice to text with senseaudio asr, then analyzing it and creating the reminder; enabling asr...
by HeiMaoM @hei-maom
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw verdict: Suspicious (medium confidence)
Purpose & Capability
The skill's name/description (Feishu alarms with optional SenseAudio ASR) aligns with the included code: it parses time expressions, stores reminders in local SQLite, uploads local audio to a SenseAudio endpoint for ASR, and uses the Feishu API to send confirmations/reminders. However, the top-level registry summary in the provided metadata claimed "Required env vars: none / Primary credential: none", while SKILL.md, _meta.json and the code require FEISHU_APP_ID, FEISHU_APP_SECRET and SENSEAUDIO_API_KEY. This metadata mismatch is an inconsistency to be aware of (likely a packaging/metadata error, not necessarily malicious).
Instruction Scope
SKILL.md and the scripts explicitly limit behavior to parsing messages, optionally uploading local audio to the configured SenseAudio ASR endpoint, persisting reminders to a local SQLite DB, and using Feishu API to send messages. There are no instructions to read unrelated system files or to exfiltrate arbitrary data beyond the audio uploaded to the ASR endpoint and the Feishu API calls needed for confirmations/reminders.
Install Mechanism
There is no install spec (instruction-only) in the registry, but the package includes code files and a requirements.txt (requests). No external arbitrary downloads, package managers, or extract-through-URL installers are used. You will need to install dependencies (requests) and run the included Python scripts. The mismatch between 'instruction-only' and having runnable code is a packaging detail to check.
Credentials
The code requires FEISHU_APP_ID, FEISHU_APP_SECRET and SENSEAUDIO_API_KEY at process start (get_required is used and will raise if any is missing). These env vars are appropriate for the described integrations. However, the registry summary at the top incorrectly lists 'Required env vars: none', which could mislead users or automated deploy systems. Also, the ASR base URL is configurable via SENSEAUDIO_BASE_URL; if an operator sets this to an attacker-controlled endpoint, uploaded audio (and ASR results) would be sent there. Ensure env vars are provided only from trusted sources and that the ASR base URL is not overridden to an untrusted host.
Persistence & Privilege
The skill persists reminders to a local SQLite DB (default ./data/reminders.db) and runs a poll loop to send due reminders. It does not request system-wide privileges, does not set always:true, and does not modify other skills' configs. Local persistence and periodic polling are coherent with its purpose.
What to consider before installing
This skill appears to implement what it claims (Feishu reminders + optional SenseAudio ASR) — but check these before installing:
- Provide the required env vars at process start: FEISHU_APP_ID, FEISHU_APP_SECRET, SENSEAUDIO_API_KEY. The registry top-level metadata incorrectly states none are required; that is misleading. The code will fail if those three are not present.
- Understand audio upload: any audio passed to create-reminder-audio will be uploaded to the configured SENSEAUDIO_BASE_URL (default https://api.senseaudio.cn). Do not set SENSEAUDIO_BASE_URL to an untrusted host, since audio content and ASR results will be transmitted there.
- Review and run the code in an isolated environment: the code makes outbound HTTPS requests (Feishu and ASR) and writes a local SQLite DB (default ./data/reminders.db). Run with least privilege and on infrastructure where storing reminders locally is acceptable.
- Confirm dependency installation manually (requests) and pin versions if deploying to production.
- Because the package metadata is inconsistent about required env vars and there is runnable code included, audit the included scripts yourself (they are short and readable) before granting it access to real credentials.
If you cannot or will not review the code and environment values, treat the skill as higher risk, because it will transmit audio and use Feishu credentials to send messages.
latest: vk97etz4xvsrk6ne3ryqsxfsc79832ghv
