openclaw Multi-Agent Creation Wizard

Security checks across malware telemetry and agentic risk

Overview

This setup wizard is mostly purpose-aligned, but it repeatedly asks users to paste Feishu app secrets into chat without adequate safety warnings.

Review before installing. Use this only if you are comfortable letting the assistant configure OpenClaw and Feishu. Do not paste the Feishu App Secret into chat; enter it only through a local secure OpenClaw prompt or a protected config path, redact logs before sharing them, and back up any existing agent workspace before running the starter profile scripts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The skill explicitly tells the user to paste a Feishu App ID and App Secret into chat, creating a direct credential collection path. Even if intended for setup convenience, collecting secrets through conversational channels increases the risk of disclosure via logs, model retention, transcript sharing, or misuse by the agent.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README instructs users to copy the Feishu `App ID` and `App Secret` but does not explicitly warn that the secret is sensitive and should never be pasted into chats, committed to files, or shared with the assistant. In a beginner-focused wizard, omission of credential-handling guidance materially increases the chance of accidental secret disclosure during setup.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly asks the user to paste Feishu App ID and App Secret into the chat flow without a warning about credential sensitivity or guidance for secure handling. Secrets entered into conversational channels may be logged, retained, exposed to other tools, or mishandled by downstream steps, enabling compromise of the Feishu app and bot integrations.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill enables implicit invocation without any trigger constraints, exclusions, or narrowing conditions, which increases the chance the platform will invoke it in contexts the user did not clearly intend. Because this skill can guide setup of multi-agent configurations and Feishu bindings, accidental invocation could lead to confusing, over-broad, or unintended configuration assistance being injected into unrelated conversations.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill instructs the operator to collect and patch Feishu `App ID` and `App Secret` into configuration, but it provides no warning about secret handling, storage, redaction, or avoiding exposure in chats/logs. In a beginner-oriented wizard, this increases the chance that users paste credentials into unsafe places, commit them to files, or disclose them during support interactions, leading to account compromise.

Missing User Warnings

Low
Confidence
86% confidence
Finding
The guide tells users to inspect logs for `chat_id`, user IDs, inbound events, and reply attempts, but does not warn that logs may contain sensitive conversation metadata or identifiers. This can normalize unnecessary exposure of user/group identifiers and message data, especially in shared terminals or persisted log files.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script explicitly instructs the user to paste a Feishu `App Secret` into chat, which normalizes transmission of long-lived credentials through a conversational channel that may be logged, retained, or exposed to operators and integrations. In this skill context, the agent is acting as a setup wizard for beginners, which increases risk because users are more likely to follow the instruction verbatim without understanding the sensitivity of the secret or safer alternatives.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The workflow asks for sensitive credentials without any warning that the App Secret is confidential. This normalizes unsafe secret handling and makes accidental disclosure more likely, especially for beginners who may not understand the sensitivity of these values.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script unconditionally writes fixed filenames into a user-supplied workspace and uses `Path.write_text()` without checking whether those files already exist. In a setup wizard context, this can silently destroy existing profile content or curated prompts, causing configuration loss and potentially breaking an existing agent workspace.

Ssd 3

Medium
Confidence
98% confidence
Finding
The skill creates a natural-language prompt for users to disclose app credentials directly to the assistant, which is a classic secret-exfiltration anti-pattern. In a chat-based environment, this is especially dangerous because secrets may be persisted in conversation history, analytics, or third-party systems outside the user's control.

VirusTotal

65/65 vendors flagged this skill as clean.
