Security audit

OpenClaw Feishu Quota Guard

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate OpenClaw quota-fixing skill, but one helper can scan broad personal folders and print matching file contents that may include sensitive data.

Review before installing. Run the fixer with --dry-run and explicit --config/--workspace paths. Avoid running the candidate scanner without specifying a narrow workspace, and do not share its output until you have checked it for tokens, URLs, or private content. Back up any existing same-named skill directory before using the installer.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 94%
Finding
The skill instructs the agent to execute local shell commands and use a fixer that reads and modifies configuration files, but the skill metadata shown here declares no permissions. That mismatch is a real security issue because it hides the skill's effective capabilities from policy enforcement and user review, increasing the chance of unapproved command execution or file changes on the host.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding
The script defaults to scanning broad user directories including Documents and Downloads, not just OpenClaw-specific paths. It then enumerates filenames and prints matching content lines, which can expose unrelated local files containing keywords like webhook, health, gateway, or lark during routine diagnosis.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The installer unconditionally removes the destination skill directory with shutil.rmtree() if it already exists, then recreates it. This can destroy existing local modifications, backups, or previously installed content without confirmation, and if the destination path is misdetected or unexpectedly user-supplied, the data-loss impact extends beyond a normal overwrite.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The script searches broad default roots and prints matching lines from text files and logs without consent gating, redaction, or sensitivity checks. Because the regexes target common terms such as webhook, gateway, verificationToken, and health, the output may disclose secrets, internal endpoints, or other sensitive local data unrelated to the intended Feishu quota investigation.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.