Feishu ClawBot Card

Audited by ClawScan on May 10, 2026.

Overview

The skill mostly matches its stated purpose, but it can turn untrusted card data into a copy-paste shell command without safe quoting, which could let a malicious card run extra commands if executed.

Use this skill only for cards from people or bots you trust. Avoid copying and running the rendered import command for untrusted cards; prefer manually inspecting the JSON first. The skill does not show hidden network or credential behavior, but its local Rolodex can retain incorrect identities if you import them.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A card from someone else could produce a command that does more than import the card if it is copied into a shell or executed by an agent.

Why it was flagged

The render command places the card content inside single quotes in a shell command. Imported card fields can contain single quotes, and JSON.stringify escapes characters for JSON, not for the shell, so a single quote in a field ends the quoted argument and a malicious card could break out of it if a user or agent runs the generated command.

Skill content

text: `node skills/feishu-clawbot-card/index.js import '${JSON.stringify(CardProtocolSchema.parse(card))}'`

Recommendation

Do not run generated import commands from untrusted cards. The skill should output raw JSON for import, use a safe transport such as a file or stdin instead of a command-line argument, or properly shell-escape single quotes before displaying a command.
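The quoting problem above, as an added example that is not the skill's code: it renders a constructed card the flagged way and the hardened way, then splits each command the way a POSIX shell would (the `index.js` path, the card field names and the simplified splitter are assumptions, not the FCC-v1 schema).

```javascript
// Added example (not the skill's own code): why single quotes around
// JSON.stringify output are not shell-safe, and a hardened rendering.

// Constructed sample card; field names are assumptions, not the FCC-v1 schema.
const sampleCard = { protocol: "FCC-v1", name: "O'Brien", feishuId: "ou_example" };

// Mirrors the flagged pattern: JSON.stringify output dropped into single quotes.
function renderUnsafe(card) {
  return `node index.js import '${JSON.stringify(card)}'`;
}

// POSIX single-quote escaping: end the quoted run, emit \', start a new run.
function shellQuote(s) {
  return "'" + s.replace(/'/g, "'\\''") + "'";
}

// Hardened rendering: the whole argument goes through shellQuote.
function renderSafe(card) {
  return `node index.js import ${shellQuote(JSON.stringify(card))}`;
}

// Minimal POSIX word splitter handling only single quotes and backslash escapes
// (no double quotes or $ expansion); enough to show where argument boundaries fall.
function splitWords(cmd) {
  const words = [];
  let cur = "", inQuote = false, escaped = false, started = false;
  for (const ch of cmd) {
    if (escaped) { cur += ch; escaped = false; started = true; continue; }
    if (inQuote) { if (ch === "'") inQuote = false; else cur += ch; continue; }
    if (ch === "'") { inQuote = true; started = true; continue; }
    if (ch === "\\") { escaped = true; continue; }
    if (/\s/.test(ch)) {
      if (started) { words.push(cur); cur = ""; started = false; }
      continue;
    }
    cur += ch; started = true;
  }
  if (inQuote || escaped) throw new Error("unterminated quoting");
  if (started) words.push(cur);
  return words;
}

// Returns the argv a POSIX shell would hand to node, or null when the shell
// would reject (or keep reading) the command because a quote never closes.
function shellArgv(cmd) {
  try { return splitWords(cmd); } catch (e) { return null; }
}

console.log("unsafe argv:", shellArgv(renderUnsafe(sampleCard))); // null
console.log("safe argv:  ", shellArgv(renderSafe(sampleCard)));   // 4 words
```

Passing the JSON over stdin or through a file, as the recommendation suggests, avoids the quoting question entirely and is preferable to escaping.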

What this means

If you import an inaccurate or spoofed card, the agent may later remember and display the wrong identity information.

Why it was flagged

The skill is designed to persist identity cards received from others. Schema validation checks format, but the artifacts do not show cryptographic signing or verification that the claimed Feishu identity really belongs to the sender.

Skill content

When someone sends you their card JSON (following FCC-v1 protocol), save it to your registry.

Recommendation

Only import cards from trusted sources, verify Feishu IDs out-of-band when identity matters, and periodically review or delete stale cards.

What this means

Users have less external context for who maintains the skill or where updates come from.

Why it was flagged

The package contents were provided for review, but the registry metadata does not provide a clear source repository or homepage for provenance checks.

Skill content

Source: unknown; Homepage: none

Recommendation

Prefer installing from a trusted, auditable source and verify future updates before use.