Feishu Bot Config Helper
Pass. Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: feishu-bot-config-helper
Version: 0.1.2
The skill bundle automates Feishu bot configuration by parsing sensitive credentials (App ID/Secret) from user messages and writing them to the core 'openclaw.json' configuration file. It performs high-risk operations including executing shell commands via 'child_process.exec' to create directories and restart the system gateway, and it promotes a 'curl | bash' installation pattern in its documentation (SKILL.md, README.md). While these behaviors are aligned with the stated purpose of the tool, the handling of plaintext secrets and modification of system-level configurations without robust input sanitization pose a significant security risk, although no evidence of intentional data exfiltration or backdoors was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing this way could run unreviewed code on the user's machine.
The documented install path executes a remote script directly from the mutable GitHub 'main' branch, so installed code can differ from the reviewed package.
curl -fsSL https://raw.githubusercontent.com/jiebao360/feishu-bot-config-helper/main/install.sh | bash
Avoid curl-to-bash installs from mutable branches; install from a pinned release or commit and inspect the installer before running it.
A single configuration run can change which agents exist, which Feishu bot credentials are active, how messages route, and restart the user's gateway service.
After parsing a configuration message, the script mutates OpenClaw agents/accounts/bindings, writes the global config file, and restarts the gateway without a visible approval or rollback step.
this.addAgent(config, botConfig); this.addFeishuAccount(config, botConfig); this.addBinding(config, botConfig); ... if (!this.writeConfig(config)) ... await this.restartGateway();
Require an explicit local admin confirmation, show a diff, create a backup of openclaw.json, and provide a rollback path before applying changes or restarting the gateway.
The created bot may be reachable more broadly than intended, and the Feishu app secret becomes part of the persistent OpenClaw configuration.
The script stores Feishu app credentials and configures the new account with wildcard direct-message allowance and open group policy.
appSecret: botConfig.appSecret, ... dmPolicy: 'allowlist', allowFrom: ['*'], groupPolicy: 'open'
Use narrowly scoped Feishu app credentials, avoid pasting secrets in shared chats, restrict allowFrom/groupPolicy to intended users or groups, and document where secrets are stored.
Existing OpenClaw agents may be changed unintentionally, and the gateway restart can propagate those changes immediately.
The script reuses fixed agent IDs such as work, notes, or generic_content and updates an existing agent's skills when the ID already exists, so a new bot setup can alter an existing agent.
const exists = config.agents.list.some(agent => agent.id === botConfig.agentId); if (exists) { ... agent.skills = botConfig.skills; }
Detect collisions clearly, require confirmation before updating existing agents or accounts, and prefer unique account/agent IDs for each configured bot.
The skill can execute local commands that affect the user's OpenClaw service.
The script uses shell execution for local setup and gateway restart. The visible commands are fixed and purpose-aligned, but users should notice that the skill runs local commands.
const { exec } = require('child_process'); ... exec('openclaw gateway restart', (error) => {
Run it only in an environment where you are comfortable allowing the skill to control OpenClaw configuration and gateway lifecycle.
