Feishu Bot Connector

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This Feishu connector is purpose-aligned, but it should be used knowingly because it stores bot secrets, changes OpenClaw routing, and restarts the gateway.

Use this skill only if you intend to connect a Feishu bot to OpenClaw. Before running it, confirm the target agent and routing mode, choose restrictive DM/allowlist settings if needed, and remember that the Feishu App Secret will be stored in local OpenClaw config files and the gateway will be restarted.

Static analysis

Dangerous exec

Severity: Critical
Finding: Shell command execution detected (child_process).

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
Medium
What this means

A Feishu bot secret will be stored locally, and existing OpenClaw secrets may be copied into backup files.

Why it was flagged

The skill persists Feishu App Secret values into the user's OpenClaw configuration and backs up the existing config, which may also contain secrets.

Skill content

const CONFIG_PATH = path.join(process.env.HOME, '.openclaw', 'openclaw.json');
...
fs.copyFileSync(CONFIG_PATH, backupPath);
...
appSecret: appsecret,

Recommendation

Use this only with trusted agents, keep ~/.openclaw permissions restricted, avoid exposing command-line secrets, and rotate the Feishu secret if it may have been leaked.

ASI02: Tool Misuse and Exploitation
Low
What this means

Running the skill can change message session behavior and briefly disrupt gateway service.

Why it was flagged

The shell commands are fixed strings and are aligned with the setup purpose, but they change OpenClaw state and restart the gateway.

Skill content

execSync('openclaw config set session.dmScope "per-account-channel-peer"', { stdio: 'pipe' });
...
execSync('openclaw gateway restart', { stdio: 'inherit' });

Recommendation

Run it only after confirming the intended account, agent, and routing mode, preferably during a time when a gateway restart is acceptable.

ASI07: Insecure Inter-Agent Communication
Medium
What this means

If the bot is reachable by many Feishu users, untrusted messages may be routed to the selected agent.

Why it was flagged

The default configuration allows broad Feishu message access unless the user supplies a more restrictive policy.

Skill content

dmPolicy: options.dmpolicy || 'open',
allowFrom: ['*'],
enabled: true

Recommendation

Consider using pairing or allowlist DM policies and group-specific bindings when the bot should not accept messages from everyone.

ASI04: Agentic Supply Chain Vulnerabilities
Info
What this means

If dependencies are installed, extra third-party code may be fetched even though it is not needed by the visible implementation.

Why it was flagged

The package declares an external semver-ranged dependency, while the provided code does not require it and there is no lockfile or install spec in the artifacts.

Skill content

"dependencies": {
  "readline": "^1.3.0"
}

Recommendation

Prefer removing the unused dependency or pinning and verifying dependencies before installation.