Muguozi1 Openclaw Feishu Calendar

Warn

Audited by ClawScan on May 10, 2026.

Overview

This Feishu calendar skill is not clearly malware, but it has review-worthy behavior: some scripts create persistent public routine events, delete calendar entries, and write calendar data into agent memory in ways that are under-disclosed.

Review the scripts before installing. Only use this if you control the Feishu app credentials and understand the calendar permissions granted. Avoid running sync_routine.js, setup_routine.js, or cleanup.js until you confirm the exact events they will create or delete, and consider restricting Feishu scopes and backing up calendars first.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running the documented sync routine could add recurring public reminders or instructions to the Feishu calendar that persist and may steer future agent behavior.

Why it was flagged

The routine creates persistent recurring public calendar entries for autonomous agent/system activities, while SKILL.md presents sync_routine.js as a calendar synchronization routine.

Skill content

summary: '🛡️ System Maintenance (Auto-Restart)' ... summary: '🦐 ClawdChat Check', description: 'Check community feed and interact with other agents.' ... recurrence: task.rrule, permissions: 'public'

Recommendation

Do not run sync_routine.js unless you explicitly want those recurring events. Split setup from sync, require confirmation, make events private by default, and provide a clear cleanup path.

What this means

A user could lose legitimate calendar events if this setup script is run against the wrong calendar or matches real event titles.

Why it was flagged

The setup routine can fall back to the primary calendar and delete events whose summaries contain broad terms like 'Test' or 'Invite' without per-event confirmation.

Skill content

if (primary.code === 0) botCalendarId = 'primary'; ... if (evt.summary.includes('Test') || evt.summary.includes('Invite')) { ... method: 'DELETE' ... }

Recommendation

Require an explicit calendar ID, show a dry-run list, ask for confirmation before deletion, and avoid broad title-based deletion rules.

What this means

Installing users may not realize the skill needs Feishu app-level authority that can change calendar membership and write access.

Why it was flagged

The skill uses Feishu app credentials and can grant calendar access roles to members, but the registry metadata declares no required credentials or primary credential.

Skill content

const APP_ID = process.env.FEISHU_APP_ID; const APP_SECRET = process.env.FEISHU_APP_SECRET; ... .requiredOption('--members <ids>' ...).option('--role <role>', 'Role for members (writer, reader, owner)', 'writer') ... /acls?user_id_type=open_id

Recommendation

Declare required credentials and requested Feishu scopes in metadata, document exactly which calendar/account permissions are needed, and default to least-privilege roles.

What this means

Sensitive calendar details may persist locally, and untrusted event titles from Feishu could influence later agent behavior if read as instructions.

Why it was flagged

The sync script stores Feishu event data in persistent memory and writes event summaries into HEARTBEAT.md, where future agents may treat calendar text as trusted context.

Skill content

fs.writeFileSync(path.resolve(__dirname, '../../memory/calendar_events.json'), JSON.stringify(events, null, 2)); ... calendarSection += `- [ ] ${start} - ${e.summary}\n`; ... fs.writeFileSync(heartbeatPath, heartbeatContent, 'utf8');

Recommendation

Store only minimal calendar data, sanitize event text before writing it into agent context, label it as untrusted user/provider content, and document retention and deletion behavior.

What this means

Users may over-trust the skill’s safety or maturity based on quality and test claims that are not supported by real tests.

Why it was flagged

The provided test file contains placeholder tests that always pass, while README/OPTIMIZATION materials claim automated tests and high quality scores.

Skill content

# TODO: add actual tests ... print('✓ PASSED')

Recommendation

Replace placeholder tests with real Feishu API and safety tests, or remove the quality/test claims until they are accurate.

What this means

The scripts may fail or resolve undeclared code from the surrounding environment, making behavior less predictable.

Why it was flagged

Several scripts require additional modules such as commander, and some files reference ../common/time-helper.js outside the manifest, so the runnable package is not fully declared by package.json.

Skill content

"dependencies": { "@larksuiteoapi/node-sdk": "^1.0.0", "dotenv": "^16.0.0" }

Recommendation

Declare all runtime dependencies, include all referenced helper files, and keep package-lock.json aligned with the reviewed package.