ClawHub

Feishu Bot Config Helper

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-aligned, but it can automatically change OpenClaw configuration, store Feishu secrets, and restart the Gateway without enough user control.

Review before installing. Use test Feishu credentials first, rotate any secret copied from the example, back up ~/.openclaw/openclaw.json, inspect the installer instead of piping it directly to bash, and manually restrict Feishu allowlists, group access, and Agent skills after configuration.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The changelog documents a keyword-to-Agent auto-matching scheme that uses very broad, common terms such as '内容', '通用', and '工作'. In the context of automatic bot configuration, this can cause unintended Agent selection or misconfiguration, which may route conversations, memory, and actions to the wrong workspace without clear user intent.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The file advertises automatic updates to openclaw.json and automatic Gateway restarts, but does not indicate safeguards, approval, rollback, or operator notice. In a system-integrated skill, configuration mutation plus service restart can create availability risk, unsafe state changes, or unauthorized operational impact if triggered unexpectedly.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README explicitly states that the skill will automatically create workspaces, modify `openclaw.json`, and restart the Gateway, but it does not provide a prominent warning that these are system-impacting operations. In a chat-driven setup flow, users may trigger persistent configuration changes and service disruption without fully understanding the consequences, increasing the risk of accidental misconfiguration or downtime.

Missing User Warnings

High
Confidence
97% confidence
Finding
The README instructs users to provide `App Secret` directly in a chat-style configuration flow, but gives no privacy or security warning about handling credentials in conversational interfaces. This is dangerous because chat logs, agent memory, telemetry, screenshots, or multi-user channels may expose the secret, enabling unauthorized access to the Feishu app integration.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly advertises automatic updates to openclaw.json and automatic Gateway restarts, which are state-changing operations that can affect system availability and routing. Because the documentation does not clearly warn users about these side effects or require explicit confirmation before modification, it increases the risk of unintended configuration changes and service disruption.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script handles high-value credentials and persists the App Secret directly into configuration without any masking, warning, or explicit confirmation workflow. In a local admin tool this may be intentional, but it still increases the chance of accidental disclosure through logs, screenshots, shell history, or insecure file permissions around the config file.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script automatically modifies the main openclaw configuration and restarts the gateway immediately after parsing input, with no review or confirmation step. Because the input is intended to come from a free-form message, a mistaken, spoofed, or maliciously crafted configuration string could cause unintended service disruption or unauthorized routing changes.

Ssd 3

High
Confidence
99% confidence
Finding
The example includes a real-looking `App Secret` value and normalizes the practice of pasting sensitive credentials into conversational setup instructions. Even if the sample secret is non-production, this pattern trains users to expose secrets in unsafe contexts and may lead to credential leakage through chat retention, logs, or copied examples.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal