meeting-score

Pass

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: meeting-score
Version: 1.0.0

The skill is designed for a legitimate meeting scoring system using Feishu Bitable. However, it is classified as 'suspicious' due to its use of powerful capabilities. Specifically, the skill instructs the agent to use the `cron` tool to schedule an `agentTurn` message every 30 seconds. This allows the agent to programmatically instruct itself to perform actions periodically, which, while used for a benign polling mechanism here, represents a significant capability that could be leveraged for malicious purposes if the skill's instructions were altered. Additionally, the skill requires broad permissions to create, read, update, and delete tables, fields, and records within Feishu Bitable, which are high-risk capabilities, even if plausibly needed for its stated purpose.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the wrong Feishu app or table ID is used, fields or records could be removed from a table the user did not intend to change.

Why it was flagged

The skill instructs the agent to delete fields and records in Feishu. The deletion is described as cleanup of defaults in a newly created table, so it is purpose-aligned, but it is still a mutating/destructive capability.

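Skill content

Delete the default extra fields (single-select / date / attachment): call DELETE /fields/{field_id} for each one ... Delete the default blank rows: after reading all records, call DELETE /records/{record_id} for each one

Recommendation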

Confirm the target Feishu app/table is the newly created scoring table before allowing cleanup or update operations.

What this means

If the host forgets the permission setup or reviewer names do not match Feishu display names, reviewers may see or edit more scoring rows than intended.

Why it was flagged

The promised per-reviewer privacy relies on a manual Feishu advanced-permission rule and exact name matching. The artifact discloses this, but the isolation is not automatically enforced by the skill.

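Skill content

Because the API does not yet support configuring row-level permissions directly, the host must set this up manually in the table... Condition: the "Reviewer Name" (评委姓名) field = the current user's name... The reviewer name must match the display name of their Feishu account

Recommendation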

Set Feishu advanced permissions before sharing the table, verify reviewer display names, and prefer Feishu member-type fields where possible.

Note (High Confidence)

ASI10: Rogue Agents

What this means

The polling job may keep using resources and modifying the scoring table after the meeting if it is not disabled.

Why it was flagged

The skill can create a recurring background task that reads and updates the Feishu scoring tables. It is disclosed and user-triggered, but it can continue running until manually stopped.

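Skill content

When the host says "start automatic calculation" (开始自动计算) or "monitor scoring" (监听打分), use the `cron` tool to create a scheduled task... Run once every 0.5 minutes (everyMs: 30000)... It is recommended to manually stop automatic calculation after the meeting ends

Recommendation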

Record the cron job ID, stop the job when scoring is complete, and consider changing the workflow to automatically disable the job after all agenda items are marked complete.