Skill v1.0.0

ClawScan security

Feishu Sheet Reader · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 11, 2026, 8:00 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's stated intent (read Feishu sheets) matches the code's network calls, but it silently reads the agent config file and relies on undeclared credentials/environment variables and has a small mismatch between the SKILL.md instructions and the actual code—these inconsistencies warrant caution.
Guidance
This skill appears to do what it says (call Feishu APIs and return sheet data) but has a few inconsistencies you should consider before installing: (1) it requires Feishu app credentials, but the registry lists none — the script looks for them in ~/.openclaw/openclaw.json or the FEISHU_APP_ID / FEISHU_APP_SECRET environment variables; (2) it reads the agent's config file directly, which could expose unrelated credentials stored there; (3) SKILL.md suggests using `openclaw config get` but the code bypasses that and reads the file itself. Recommended steps: inspect ~/.openclaw/openclaw.json to see what it contains; prefer to provide FEISHU_APP_ID and FEISHU_APP_SECRET as environment variables rather than exposing the whole agent config; ask the author to update SKILL.md and the registry metadata to declare required env vars and to either use the documented `openclaw config get` workflow or justify direct config-file access; if you must run it, do so in an account/environment without other sensitive credentials or in a sandbox. If the author confirms the config file only contains scoped Feishu app credentials (and updates the docs), that reduces concern.

Review Dimensions

Purpose & Capability
Note: The skill's purpose (calling Feishu APIs to read sheets) aligns with the included script, which requests Feishu tenant tokens and sheet data. However, the SKILL.md says credentials are obtained via `openclaw config get`, while the script directly reads ~/.openclaw/openclaw.json (and falls back to the FEISHU_APP_ID/FEISHU_APP_SECRET env vars), a mismatch in how credentials are retrieved.
Instruction Scope
Concern: SKILL.md describes parsing sheet URLs and calling Feishu APIs (expected). The shipped script performs those actions, but it also directly reads the agent's config file (~/.openclaw/openclaw.json). Reading that file can expose credentials or configuration unrelated to this skill (it looks up the 'channels.feishu.accounts' tree but opens the entire config). The SKILL.md's instruction to use `openclaw config get` is not reflected in the code.
Install Mechanism
OK: Instruction-only, with no install spec and no external downloads; the script runs local curl subprocesses. No installer or archive download risk was detected.
Credentials
Concern: Registry metadata declares no required env vars/credentials, but the script needs Feishu app credentials, either from ~/.openclaw/openclaw.json or from the FEISHU_APP_ID / FEISHU_APP_SECRET env vars. The skill should explicitly declare these requirements. Reading the agent config file without declaring this expands the data surface (it may expose other channel credentials).
Persistence & Privilege
Concern: The skill does not request always:true and does not modify system configuration, which is good. However, it reads the global agent config file (~/.openclaw/openclaw.json) at runtime; this read is a privileged access to potentially sensitive config belonging to the agent and other skills and should be explicitly justified and documented.