Back to skill
Skillv1.0.0
ClawScan security
agent-father · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 3, 2026, 3:28 PM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's code and instructions match its stated purpose (creating/managing agents and Feishu groups) and do not contain obvious exfiltration or unrelated credentials, but there are some minor mismatches and a pre-scan prompt-injection signal worth manual review.
- Guidance
- This skill appears to do what it says: create agent folders, workspace files, and Feishu chats using credentials found in ~/.openclaw/openclaw.json or optional FEISHU_APP_ID/FEISHU_APP_SECRET environment variables. Before running: 1) Inspect the scripts locally (they are bundled) to confirm they match your expectations (they are plain shell scripts and Node one-liners). 2) Back up your ~/.openclaw/openclaw.json and workspace directories — the scripts create and can delete agent/workspace directories. 3) Provide Feishu credentials only if you intend the skill to call Feishu APIs; treat FEISHU_APP_SECRET as sensitive. 4) Remove or review any unexpected unicode/control characters in SKILL.md (scanner flagged them). 5) Run in a safe/staging environment first (or with non-production Feishu app credentials) to confirm behavior. If you need higher assurance, request the publisher/source or run the scripts under a sandboxed account.
- Findings
[unicode-control-chars] unexpected: The pre-scan found unicode control characters in SKILL.md. This is not expected for a normal README and could be an accidental formatting artifact. It can also be used in prompt-injection or to hide characters; inspect the SKILL.md for zero-width or control characters before trusting automated processing.
Review Dimensions
- Purpose & Capability
- okName/description (agent/employee onboarding, workspace and Feishu group management) align with files and scripts. Required binaries (bash, curl, node, grep, sed, etc.) are used by the scripts and are proportionate to the task. The scripts operate on ~/.openclaw and related workspace paths, which is expected for an OpenClaw-related agent-management skill.
- Instruction Scope
- noteSKILL.md instructs running the included shell scripts which create directories, JSON files, and call the Feishu API. The scripts read ~/.openclaw/openclaw.json (or use OPENCLAW_BASE) to obtain Feishu credentials and may invoke the 'openclaw' CLI if present. That scope is appropriate, but the static scan flagged 'unicode-control-chars' inside SKILL.md (possible prompt-injection formatting). This is likely a formatting artifact but should be inspected to ensure no hidden control characters were added to manipulate tools or readers.
- Install Mechanism
- okNo install spec. The skill ships as scripts and docs only; nothing is downloaded from third-party URLs or extracted. Risk from install mechanism is low because nothing external is pulled or installed by the skill itself.
- Credentials
- noteRegistry metadata lists no required env vars, but scripts actually read/allow: OPENCLAW_BASE, FEISHU_APP_ID, FEISHU_APP_SECRET, FEISHU_INITIAL_USER and rely on an openclaw CLI if present. These env vars are proportional to the stated purpose (Feishu API access and locating OpenClaw config), but the metadata could more clearly declare the optional FEISHU_* and OPENCLAW_BASE environment variables so users know which secrets/configs are used.
- Persistence & Privilege
- okalways:false and normal autonomous invocation settings. The scripts create and delete files under the user's OpenClaw directories (~/.openclaw) and register agents using the openclaw CLI if available. They do not modify other skills' configurations or system-wide settings beyond the user's OpenClaw workspace. Behaviors are consistent with the declared purpose.