ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

飞书新机器人创建

v1.0.0

飞书新机器人创建工作流。当大哥要求创建新的飞书bot、建立新的飞书机器人、或者新增bot时使用此skill。触发场景包括:大哥说"创建一个新的飞书bot"、"新建一个机器人"、"新增bot"、"帮我创建一个飞书机器人"。

0· 97·0 current·0 all-time
by@jinchenjia

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for jinchenjia/feishu-new-bot.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "飞书新机器人创建" (jinchenjia/feishu-new-bot) from ClawHub.
Skill page: https://clawhub.ai/jinchenjia/feishu-new-bot
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install feishu-new-bot

ClawHub CLI

Package manager switcher

npx clawhub@latest install feishu-new-bot
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's stated purpose (creating a new Feishu bot) aligns with most steps: creating an app on the Feishu platform and obtaining APP ID/APP SECRET. However, the instructions require filesystem-level actions (creating /Users/jiaclaw/.openclaw/<bot>, modifying openclaw.json) and syncing from a named 'Thanos workspace' that were not declared in the metadata (no required config paths or credentials). The hard-coded user path (/Users/jiaclaw) and implicit expectation of access to other workspaces are unexpected for a simple 'bot creation' helper.
!
Instruction Scope
SKILL.md explicitly instructs creating directories under a specific home path, modifying gateway-wide openclaw.json, and syncing files from another workspace (Thanos). Those are file-system and config operations outside a transient, purely-instruction scope and could touch other bots or secrets. Although the doc says to obtain consent before editing openclaw.json, it does not specify exactly where that file lives, how secrets are stored, or how to back up/validate edits.
Install Mechanism
There is no install spec and no code files—this is instruction-only, so nothing will be downloaded or written by an installer. That is the lowest install risk.
Credentials
Metadata declares no required environment variables or credentials, yet the workflow requires the user to provide APP ID and APP SECRET and implies creating/storing them in openclaw.json. The skill does not specify how secrets should be handled, where they will be stored, or whether they might be persisted in plaintext, which is a practical gap (not necessarily malicious, but worthy of caution).
!
Persistence & Privilege
The workflow instructs modifying a gateway-level configuration file (openclaw.json) to add the new bot. Editing a shared gateway config can affect other agents and is effectively a system-wide change; the instructions acknowledge consent is needed but give no safeguards (backup, validation, or limited-scope change). This cross-cutting modification increases risk if performed without strong controls.
What to consider before installing
This skill mostly documents how to create a Feishu bot, but before using it consider: (1) The guide tells the agent to create /Users/jiaclaw/.openclaw/<bot> and to edit openclaw.json — confirm the exact file locations and who will perform those edits (you or the agent). (2) Editing openclaw.json is a gateway-wide change that can affect other bots; insist on explicit consent, a backup of the current openclaw.json, and a review step before applying changes. (3) The skill asks you to provide APP SECRET/APP ID — verify how those secrets will be stored (avoid plaintext commits) and who has access. (4) Clarify what 'Thanos workspace' is and whether syncing files requires reading other users' or bots' files. (5) If you want lower risk, perform filesystem and config edits yourself following the guide rather than granting the agent permission to do them autonomously. Providing answers to: exact openclaw.json path, where secrets are stored, and whether the agent will be allowed to perform edits would increase confidence in safety.

Like a lobster shell, security has layers — review code before you run it.

latestvk97adwznawq2yzzkhr12p6xqrx83wzhm
97downloads
0stars
1versions
Updated 4w ago
v1.0.0
MIT-0
@jinchenjia
latest
Download

feishu-new-bot

飞书新机器人创建完整工作流。

前提条件

  • 大哥已有飞书开放平台账号
  • 大哥愿意亲自创建应用(这一步必须大哥操作,AI无法代劳)

完整流程

第一步:大哥创建应用

告诉大哥访问以下链接创建企业自建应用(机器人):

https://open.feishu.cn/page/openclaw?form=multiAgent

命名规则(必须遵守):

  • 不能有空格
  • 不能有特殊符号
  • 只能使用字母、数字、下划线

第二步:大哥提供凭证

大哥把以下信息发给我:

  • APP ID
  • APP SECRET

第三步:创建工作目录

/Users/jiaclaw/.openclaw/ 下建立新bot的workspace根目录,目录名 = bot名字(与APP名字一致)。

第四步:修改openclaw.json配置

在gateway配置中添加新bot信息,需要包含:

  • APP ID
  • APP SECRET
  • workspace路径(刚创建的目录)

重要:修改openclaw.json前必须先征得大哥同意,不能自行修改。

第五步:重启Gateway

配置修改后需要重启Gateway使配置生效。

第六步:同步工作文件

从大哥的Thanos workspace同步以下文件到新bot的workspace:

文件处理方式
AGENTS.md直接同步
TOOLS.md直接同步
USER.md直接同步
MEMORY.md改造后同步(清理Thanos相关内容)
HEARTBEAT.md不同步(新bot自己创建)

第七步:建立身份文件

为新bot创建 SOUL.mdIDENTITY.md

  • 根据新bot的角色和职责确定性格定位
  • 设置合适的Emoji和Avatar描述
  • 写入大哥制定的行为准则(最高执行准则)

第八步:验证连接

  1. 获取新bot的sessionKey
  2. 通过 sessions_send 发送测试消息确认能正常调用
  3. 确认回复正常即完成

快速检查清单

  • 大哥已创建应用并提供APP ID、APP SECRET
  • 工作目录已创建
  • openclaw.json已修改并重启Gateway
  • 工作文件已同步
  • SOUL.md和IDENTITY.md已创建
  • 连接验证通过

注意事项

  1. openclaw.json修改必须先征得大哥同意
  2. HEARTBEAT.md由新bot自己创建,不要从Thanos复制
  3. 新bot的SOUL.md和IDENTITY.md要根据其职责定制,不是简单复制
  4. 如果大哥忘记创建应用,引导他去开放平台创建

Comments

Loading comments...