v1.0.0

feishu-message-group-whitelist

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:34 AM.

Analysis

This instruction-only skill coherently filters Feishu group-chat replies using a local keyword whitelist, with no code, credentials, or hidden data flows shown.

GuidanceThis appears safe and purpose-aligned for a Feishu group-message whitelist. Before installing, confirm the keywords in config/whitelist.txt match your intended trigger terms, and remember that an empty whitelist will allow normal replies to all group messages.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Human-Agent Trust Exploitation

SeverityLowConfidenceHighStatusNote

SKILL.md

若白名单为空 → 跳过过滤，正常回复（兼容未配置场景）

The skill is advertised as whitelist-triggered filtering, but it explicitly says an empty whitelist disables filtering and allows normal replies.

User impactIf the whitelist file is accidentally emptied, the Feishu bot may respond to all group messages instead of staying silent.

RecommendationKeep at least one intended keyword in config/whitelist.txt, and consider changing the fallback behavior if an empty whitelist should mean no replies.