Ai Court Skill
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a legitimate multi-agent chat-bot configuration, but it needs bot/API credentials, can keep running, and may share or store task context across agents and chat channels.
Install this only if you want a persistent multi-agent OpenClaw chat-bot system. Before starting it, review the configs copied into ~/.openclaw, use dedicated bot/API credentials, restrict Feishu/Discord access policies, verify any missing helper scripts from a trusted source, and avoid putting secrets into prompts or task descriptions.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If configured too broadly, the bot may be able to read permitted messages and send messages as the bot in more chats than intended.
The setup requires Feishu application credentials and message read/send scopes. That is expected for a chat bot, but these credentials grant workspace messaging authority.
Copy: App ID ... App Secret ... "im:message:send_as_bot", "im:message.p2p_msg:readonly", "im:message.group_at_msg:readonly"
Use a dedicated Feishu/Discord app, grant only needed scopes, store secrets securely, and prefer allowlists or pairing controls for private and group chats.
Private task details could be shared with other configured agents or chat rooms if the user includes sensitive information.
The dispatcher is instructed to forward user tasks to other agents and post work items to a chat channel. This is central to the skill, but it moves user context across agent and channel boundaries.
sessions_send --agentId neige --message "用户任务:..." ... message --channel discord --message "@兵部 请执行:..."
Review which agents and channels receive forwarded tasks, restrict chat access, and avoid sending secrets or sensitive business data unless the channel is trusted.
Task summaries or sensitive context may remain in local records and be reused in later coordination.
The workflow stores task progress/context. That is useful for coordination, but the artifacts do not specify retention, cleanup, or exact storage boundaries.
Track progress: ask about progress periodically and record it with task-store
Confirm where task records are stored, periodically clean them up, and avoid placing passwords, tokens, or confidential data in task descriptions.
The system may continue generating records or summaries after startup until the bot/gateway is stopped or the role is disabled.
One agent role is described as automatically creating daily and monthly records. This is disclosed and aligned with the collaboration-system concept, but it is ongoing autonomous behavior.
Automatically records major court events every day and generates the daily court chronicle and monthly reports
Disable scheduled/reporting agents if not needed, and define what conversations or tasks may be included in daily and monthly reports.
Following the task-store command may fail, or could run unreviewed local code if a matching script is added from another source.
The agent instructions reference a helper script that is not included in the supplied file manifest, which only includes scripts/doctor.sh. If users obtain or create that missing helper elsewhere, its behavior is outside this review.
node scripts/task-store.js create --id task_XXX --plan plan.json
Use only reviewed files from the installed package, verify any missing helper scripts before running them, and avoid copying commands into directories containing untrusted scripts.
