Back to skill
Skillv1.0.2
VirusTotal security
Feishu Interactive Cards · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignMay 1, 2026, 3:32 AM
- Hash
- 0cf932759b73e5a6570a8e4dc37c24f930202f4dbceadf24ae90d8011b91ce7d
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: feishu-interactive-cards Version: 1.0.2 The skill bundle is classified as benign. It demonstrates strong security awareness, explicitly documenting and fixing critical vulnerabilities (command injection and arbitrary file read) in previous versions. The `SKILL.md` provides clear security warnings and safe coding examples for the AI agent, instructing it to validate user input and use Node.js `fs` APIs instead of shell commands. The `scripts/send-card.js` implements robust path validation, whitelisting, and file extension checks for custom card templates, directly mitigating arbitrary file read risks. All network communication is directed to the local OpenClaw Gateway or legitimate Feishu APIs, and there is no evidence of intentional malicious behavior, obfuscation, or unauthorized data exfiltration.
- External report
- View on VirusTotal