Back to skill
Skillv1.0.0
VirusTotal security
Feishu Evolver Wrapper Local · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:33 AM
- Hash
- 34a76618431d2ea8232e309cf817a867c3241338649ee6b2fcce69ccce806679
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: feishu-evolver-wrapper-local Version: 1.0.0 The skill bundle implements a complex 'self-evolution' loop with several high-risk behaviors that, while aligned with its stated purpose, create a significant attack surface. Key concerns include the use of 'new Function()' in 'index.js' to evaluate potentially malformed LLM output (creating an RCE vulnerability), the automatic installation of a persistence mechanism via OpenClaw's cron system in 'lifecycle.js', and an 'auto-heal' feature in 'skills_monitor.js' that executes 'npm install' on other skill directories. While the inclusion of a secret-scanning utility in 'feishu-helper.js' suggests a lack of malicious intent, the combination of broad shell execution, self-modifying git operations, and automated persistence warrants a suspicious classification.
- External report
- View on VirusTotal