Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Feishu Evolution Dashboard

v1.0.0

Feishu-integrated wrapper for the capability-evolver. Manages the evolution loop lifecycle (start/stop/ensure), sends rich Feishu card reports, and provides...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto · Requires wallet · Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
! Purpose & Capability
The skill claims to be a Feishu wrapper for the capability-evolver, which would legitimately need Feishu credentials and access to evolver state; however the registry metadata and SKILL.md list no required env vars or credentials. The code expects FEISHU_APP_ID, FEISHU_EVOLVER_DOC_TOKEN, OPENCLAW_MASTER_ID, a feishu_token.json file under memory, and reads .env. This mismatch between declared requirements and actual needs is concerning because users cannot see upfront what secrets the skill will use or require.
! Instruction Scope
SKILL.md shows only simple CLI usage, but the included scripts do a lot: read logs and assets (assets/gep/events.jsonl, memory and logs), parse and truncate potentially sensitive content, create or append Feishu Docs, send interactive Feishu cards, run other local scripts via execSync/spawn, delete old error logs, and probe /proc for PIDs. The runtime therefore accesses many workspace files and transmits aggregated content to external Feishu APIs — behavior broader than the concise SKILL.md suggests and worth manual review.
Install Mechanism
No install spec (instruction-only skill) — lower install risk because nothing is downloaded at install time. However, the package includes many JS files that will be executed at runtime; there is no separate vetted install step, so the runtime code (which is present) must be reviewed carefully before allowing it to run.
! Credentials
Although the registry lists no required environment variables or primary credential, the code depends on multiple env vars and on a local token file (feishu_token.json). It reads FEISHU_APP_ID, FEISHU_BOT_NAME, FEISHU_EVOLVER_DOC_TOKEN, OPENCLAW_MASTER_ID, EVOLVE_REPORT_TOOL, and other EVOLVE_* settings, and also loads .env. Requiring no declared secrets but using many in practice is disproportionate and hides the true credential needs from users.
Persistence & Privilege
The skill spawns and manages long-running processes (daemon/ensure loops), writes PID and heartbeat files, may kill duplicate processes (uses process.kill and /proc inspection), and writes to memory/log directories. These actions are consistent with lifecycle management but have real operational impact (can stop processes, delete stale logs). This is expected for a watchdog wrapper, but it is powerful enough that it should be run in a controlled environment and with explicit user consent.
What to consider before installing
This package contains many runtime scripts that read workspace memory and logs, manage daemons, and upload history/reports to Feishu. Before installing or running it:
(1) Inspect and audit the included JS files (especially index.js, lifecycle.js, report.js, export_history.js, feishu-helper.js) to confirm they only send intended data.
(2) Be aware the code expects Feishu credentials (app id / tokens) and a feishu_token.json file even though none are declared — avoid providing high-privilege credentials; use least-privilege tokens.
(3) Run it in an isolated environment (container or sandbox) first — it can spawn daemons, write PID files, kill duplicate processes, and delete old logs/artifacts.
(4) Back up any logs or memory files it may touch, and consider denying access to directories you don't want exported.
(5) If you need to proceed, set conservative FEISHU tokens and review or stub feishu-common/index.js to ensure no unintended exfiltration occurs.
exec_cache.js:19: Shell command execution detected (child_process).
index.js:485: Shell command execution detected (child_process).
issue_tracker.js:64: Shell command execution detected (child_process).
lifecycle.js:98: Shell command execution detected (child_process).
report.js:131: Shell command execution detected (child_process).
self-repair.js:20: Shell command execution detected (child_process).
skills_monitor.js:65: Shell command execution detected (child_process).
index.js:1232: Dynamic code execution detected.
lifecycle.js:776: Dynamic code execution detected.
export_history.js:15: Environment variable access combined with network send.
visualize_dashboard.js:21: Environment variable access combined with network send.
! export_history.js:23: File read combined with network send (possible exfiltration).
! visualize_dashboard.js:143: File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.


latestvk9775jrjzz4nbvph3whgtkvsyd84se8x
