OpenClaw Feishu Quota Guard

ReviewAudited by ClawScan on May 10, 2026.

Overview

The skill mostly matches its quota-fixing purpose, but its scanner can search broad personal folders and print sensitive config or token lines into the agent session.

Before installing or running it, use dry-run mode, pass explicit --config and --workspace paths, avoid running the candidate scanner with no roots, and review output for secrets before sharing it with an agent or support channel.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Medium

#ASI06: Memory and Context Poisoning

What this means

Private documents, logs, or token values could be copied into the agent conversation or logs during troubleshooting.

Why it was flagged

When no scan root is supplied, the script searches broad personal folders and prints full matching lines, including credential-like Feishu verification-token lines, into command output without redaction.

Skill content

home / "Documents", home / "Downloads" ... "verificationToken" ... hits.append("{}:{}:{}".format(path, lineno, line.strip()))

Recommendation

Run the scanner only with an explicit OpenClaw workspace/config path, remove Documents/Downloads from default roots, and redact token values before printing matches.

Low

#ASI02: Tool Misuse and Exploitation

What this means

Heartbeat behavior may change or be disabled, affecting how OpenClaw runs in the future.

Why it was flagged

The bundled fixer persistently edits the OpenClaw config after creating a backup; this is aligned with the quota-reduction purpose but is still a local agent-behavior change.

Skill content

set_value("every", "1h") ... backup = backup_file(config_path) ... json.dump(data, f, ensure_ascii=True, indent=2)

Recommendation

Use the documented --dry-run first, confirm the target config path, keep the backup, and approve non-dry-run changes explicitly.

Info

#ASI04: Agentic Supply Chain Vulnerabilities

What this means

Users may think this is purely instructional or dependency-free when practical use requires local script execution and Python/OpenClaw tooling.

Why it was flagged

The package ships runnable Python/shell helpers, while registry metadata does not declare runtime requirements or an install mechanism; the behavior is documented, but the metadata understates what users will run.

Skill content

Required binaries ... none ... No install spec — this is an instruction-only skill. Code file presence: 6 code file(s)

Recommendation

Declare Python/OpenClaw/shell requirements and align package metadata with the shipped helper scripts.