Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Feishu Doc

v1.0.0

Guide for OpenClaw agents to create, read, and edit Feishu/Lark documents via API. Use when: (1) creating a new Feishu doc and writing content, (2) reading a...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)

Purpose & Capability (flagged)
The skill's description matches Feishu document operations, but the included references/guide explicitly shows use of an app_id/app_secret and tenant_access_token (and instructs placing app credentials in ~/.openclaw/openclaw.json). The skill metadata declares no required credentials or primaryEnv; the credential use in the guide is not reflected in the stated manifest, and this omission affects security decisions.
Instruction Scope (flagged)
SKILL.md and references/guide.md instruct the agent to (a) set documents to public/anyone_editable, (b) use web_fetch on feishu doc links, and (c) change openclaw.json to enable tools.sessions.visibility = "all" and restart the gateway. Enabling cross-agent session visibility and making docs publicly editable are outside narrow 'create/read/edit a doc' semantics because they broaden data exposure across agents and external users.
Install Mechanism
Instruction-only skill with no install spec or code files. No binaries, downloads, or package installs — low install risk.
Credentials (flagged)
The guidance requires Feishu app credentials (app_id/app_secret → tenant_access_token) but the skill metadata lists no required environment variables or primary credential. Also it tells users to store secrets in openclaw.json. Requesting/using these secrets is reasonable for the operation, but failing to declare them in metadata is an incoherence and prevents automated vetting of the skill's credential needs.
Persistence & Privilege (flagged)
The skill's always flag is false (good), but the instructions explicitly tell operators to change the agent configuration (openclaw.json) to make sessions visible to all agents. That increases the platform blast radius — a privilege/visibility change that should be flagged and intentionally authorized by administrators, not performed automatically by an agent.
What to consider before installing
This guide appears to implement correct Feishu API calls, but there are three things to consider before installing/using it:

1) Missing credential declaration: The docs require a Feishu app_id and app_secret (to obtain a tenant_access_token), but the skill metadata does not declare any required credentials. Ask the publisher to explicitly list the required env vars/primary credential. Treat app_secret like any secret: store it only in a secure location and rotate if reused.

2) Public docs and cross-agent visibility are risky: The instructions recommend setting docs to "anyone_editable" and enabling tools.sessions.visibility="all" in openclaw.json. Both actions increase exposure — they may leak sensitive content to other agents or external users. Prefer granting the agent's app collaborator access to specific docs or using least-privilege share links instead of global public-edit settings. Only enable sessions.visibility across agents if you understand and accept the privacy implications.

3) Operational best practices: Use a dedicated Feishu bot/tenant with minimal permissions for automation, limit token lifetime, avoid making sensitive documents public, and review openclaw.json changes with an administrator.

If you need higher assurance, request the publisher to (a) declare required credentials in the skill metadata, (b) provide a changelog or provenance for the guide, and (c) avoid instructing blanket config changes in guidance — prefer documenting manual, well-scoped steps.
