ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

飞书@机器人

v1.0.0

飞书群聊中 @机器人并发送消息。当用户需要在飞书群里艾特机器人、通知其他机器人、或让机器人之间互相通信时使用。

0· 442·2 current·2 all-time
by@pcjinglang
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (mentioning bots in Feishu group chat) align with the SKILL.md content: it explains message formats (<at> tags), how to call the Feishu API, and how to extract bots' open_id from mentions.
!
Instruction Scope
The instructions include concrete API calls that require Feishu app_id/app_secret and a tenant_access_token, and they show saving open_id to TOOLS.md or a database. However the skill metadata declares no required credentials or config paths. The SKILL.md also refers to a 'message' tool command (message action=send) without declaring or describing that tool. The instructions therefore assume access to secrets and to writable local tooling/config that were not declared.
Install Mechanism
No install spec and no code files (instruction-only). This is low risk from an install perspective — nothing is downloaded or written by an install step.
!
Credentials
Although the metadata declares no required environment variables or primary credential, the runtime examples require app_id and app_secret (sensitive credentials) to obtain a tenant_access_token. The skill should have declared that it needs these credentials; absence is a proportionality/visibility mismatch.
Persistence & Privilege
always:false and normal autonomous invocation are used (expected). The guidance to 'cache robot open_id' in TOOLS.md or DB implies persistent storage of identifiers (and possibly tokens if misused) in the agent workspace — this is behavior to be cautious about but not inherently privileged.
What to consider before installing
This skill appears to be what it says (how to @-mention bots in Feishu), but its runtime examples require Feishu app_id/app_secret and instruct caching open_id to TOOLS.md — yet those credentials and paths are not declared in the metadata. Before installing or running: 1) Confirm how and where you will provide app_id/app_secret (do not paste secrets into public files); 2) Prefer a least-privileged Feishu app and short-lived tokens; 3) If the skill will write TOOLS.md or other files, ensure those files are stored securely (use a secrets manager or protected database, not plaintext in workspace); 4) Ask the skill author what the 'message' tool is and whether it has access to other credentials/files; 5) If you are uncomfortable with undeclared secret usage or local writes, do not enable the skill until the author documents required env vars/paths and their intended use.

Like a lobster shell, security has layers — review code before you run it.

latestvk978ygqnv7w89jjk2bp0xm54q1821j1p

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments