v1.0.2

Feishu Interactive Cards

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 5:25 AM.

Analysis

The skill’s Feishu card purpose is coherent, but it reads local Feishu/Gateway credentials and forwards callback data while the registry metadata declares no credentials or config requirements.

Guidance: Review this skill before installing. It appears designed for legitimate Feishu interactive-card workflows, but running it requires trusting it with your Feishu bot/app credentials and Gateway token, and it forwards user interaction data to the Gateway. Use least-privilege Feishu credentials, confirm the Gateway URL is trusted, and stop the callback server when you no longer need it.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack
Severity: Low | Confidence: High | Status: Note
SKILL.md
When replying to Feishu and there is ANY uncertainty: send an interactive card instead of plain text.

The skill broadly instructs the agent to prefer this tool in uncertain Feishu replies, which is aligned with the card-interaction purpose but changes response behavior.

User impact: The agent may send more interactive cards instead of simple text replies when it is unsure.
Recommendation: Install only if you want this default behavior, and keep clear rules for when plain text is sufficient.
Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Note
SKILL.md
await exec({ command: `node E:\\openclaw\\workspace\\skills\\feishu-interactive-cards\\scripts\\send-card.js confirmation "Confirm delete file test.txt?" --chat-id ${chatId}` });

The recommended agent workflow interpolates dynamic values (here the chat ID) into a shell command string. This is central to the skill, but every interpolated value is parsed by the shell unless it is validated and quoted, or passed to the child process as a separate argument.

User impact: If untrusted values are inserted into shell commands, they could cause incorrect command execution or command-injection risk.
Recommendation: Use safe argument passing where possible, validate dynamic values such as chat IDs and template paths, and review commands before running them.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: Medium | Status: Note
package.json
"repository": { "url": "https://github.com/yourusername/feishu-interactive-cards.git" }, ... "requires": { "bins": ["node"], "channels": ["feishu"] }

The package metadata shows Node/Feishu requirements and a placeholder repository, while the registry lists no install spec or required binaries.

User impact: It is harder to verify the upstream source and the exact runtime setup from the registry alone.
Recommendation: Verify the package source and dependencies before installation, and prefer metadata that accurately declares required binaries, channels, and provenance.
Rogue Agents
Severity: Low | Confidence: High | Status: Note
SKILL.md
Start Callback Server (Long-Polling Mode) ... Auto-reconnects ... Sends callbacks to OpenClaw Gateway automatically

The skill runs a long-polling callback server that reconnects and forwards events; this is disclosed and core to the feature, but it is long-running behavior.

User impact: The process can continue receiving Feishu interactions and forwarding callbacks until the user stops it.
Recommendation: Run the callback server only when needed, monitor its logs, and stop it when the interaction workflow is finished.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
scripts/card-callback-server.js
const configPath = path.join(os.homedir(), '.openclaw', 'openclaw.json'); ... appSecret: feishuConfig.appSecret ... token: process.env.OPENCLAW_GATEWAY_TOKEN || config.gateway?.token || ''

The code reads local Feishu app credentials and an OpenClaw Gateway bearer token, while the registry metadata lists no primary credential, env vars, or required config paths.

User impact: Installing or running this skill can give it access to the Feishu bot/app account and Gateway authorization configured on the machine.
Recommendation: Use a least-privilege Feishu bot/app, verify the Gateway token and URL, and require the skill metadata to clearly declare its credential and config-file requirements.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium | Confidence: High | Status: Note
references/gateway-integration.md
The callback server automatically sends all Feishu card interactions to the OpenClaw Gateway ... data.raw_data: the complete raw callback data

The docs disclose that all Feishu card interactions, including full raw callback data, are forwarded to the OpenClaw Gateway.

User impact: User IDs, chat IDs, button values, and form answers may be shared with the local or configured Gateway service.
Recommendation: Ensure the Gateway URL is trusted, prefer localhost or a secured endpoint, avoid logging raw callback data unnecessarily, and minimize sensitive data placed in card values/forms.