Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

DashScope Web Search (Feishu)

v1.0.0

Search the web for real-time information using DashScope Qwen, optimized for Feishu. Use this skill whenever: (1) the user asks about current events, news, w...

0 · 285 · 0 current · 0 all-time
by Jeffrey@oreo992
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)

[!] Purpose & Capability
The skill's description (real-time web search for Feishu) matches the code's functionality (web_search.py uses DASHSCOPE_API_KEY; feishu_image.py uploads images to Feishu). However the registry metadata declared no required environment variables while the code requires DASHSCOPE_API_KEY and (for image mode) FEISHU_APP_ID/FEISHU_APP_SECRET. The README and SKILL.md mention installing the 'openai' Python package but the skill metadata did not declare this dependency. These mismatches are inconsistent and unexpected.
[!] Instruction Scope
SKILL.md instructs the agent to run included scripts, which is expected, but the scripts also read credentials and (if Feishu env vars are missing) attempt to read openclaw.json from several system/user paths (../../openclaw.json, ~/openclaw/openclaw.json, /home/openclaw/openclaw.json). That allows the skill to access configuration and possibly other secrets outside its own directory. The feishu_image.py pipeline will download arbitrary image URLs and upload them to Feishu; that behavior is coherent with the stated image pipeline but the fallback config file reads are scope creep and should be explicit.
Install Mechanism
There is no install spec (instruction-only), which keeps disk-write risk low. The README instructs installing the 'openai' Python package via pip — this is expected given the scripts import openai. No third-party binaries or remote archive downloads are fetched by the skill itself. However the missing declared dependency in the metadata is a coordination issue the user should fix before running.
[!] Credentials
The skill actually requires DASHSCOPE_API_KEY for all searches and FEISHU_APP_ID/FEISHU_APP_SECRET for image send/upload, but the registry lists no required env vars. Additionally, feishu_image.py will fall back to reading openclaw.json from several locations to extract Feishu credentials — this can expose unrelated channel credentials if present. The number/nature of credentials requested is proportionate to the feature set, but the fact they are not declared and that the skill will search for credentials in global config files is a privacy/authorization concern.
Persistence & Privilege
The skill does not request persistent/always presence (always:false). It writes a token cache to /tmp/feishu_token.json and temporary images under a temp directory, which is normal. It does not modify other skills' configs or attempt to enable itself. The main privilege concern is read access to openclaw.json fallback paths, which lets it harvest credentials from outside its folder if those files exist and are readable.
Scan Findings in Context
[ssl_verify_disabled] unexpected: scripts/feishu_image.py creates an SSL context with check_hostname=False and verify_mode=CERT_NONE and uses it for both downloads and API calls. Disabling TLS verification is insecure and not necessary for normal interaction with DashScope/Feishu APIs.
[reads_external_config_fallback] unexpected: feishu_image.py will read openclaw.json from multiple filesystem locations as a fallback to find FEISHU_APP_ID/FEISHU_APP_SECRET. While convenience is understandable, autodiscovering and reading global config files is not declared in the skill metadata and can expose unrelated secrets.
[requires_api_keys_not_declared] unexpected: web_search.py demands DASHSCOPE_API_KEY and feishu_image.py requires FEISHU_APP_ID/FEISHU_APP_SECRET (for image mode). The skill registry metadata listed no required env vars — a manifest mismatch that can mislead users and automated permission checks.
[uses-openai-python-package] expected: web_search.py relies on the openai Python package (used to call DashScope-compatible API). Installing this package is expected, but the dependency is not declared in the registry metadata or an install spec.
What to consider before installing
Do not install blindly. Before running, ensure you understand and accept these points:
1. The skill requires a DASHSCOPE_API_KEY and, only for image sending, FEISHU_APP_ID and FEISHU_APP_SECRET, but the skill's metadata does not declare these; set them explicitly in a controlled environment.
2. The feishu_image pipeline will attempt to read openclaw.json from several locations if the Feishu env vars are missing. If you keep global credentials in those paths, the skill can access them; remove or restrict those files if you don't want that.
3. feishu_image.py disables TLS verification (ssl.CERT_NONE) for downloads and API calls. Audit and fix this (remove the custom SSL context) before trusting the skill in production.
4. Install and audit the 'openai' package and run the scripts in an isolated or least-privileged environment (container or VM) until you're comfortable.
5. If you plan to use image mode, create a Feishu app with minimal permissions and rotate credentials after testing.
If you want to proceed, update the skill metadata to declare required env vars and consider removing the openclaw.json autodiscovery and the disabled TLS verification.


latest: vk97drsgdqxt5j4h26rj05rhby1827gxf


Runtime requirements
Clawdis
Bins: python3