Feishu Send Message

Security checks across malware telemetry and agentic risk

Overview

This skill appears to send Feishu messages as intended, but it reads local Feishu app secrets from a config file selected by a caller-provided agent ID, and it can be configured to send messages automatically.

Install only if you trust this skill to send Feishu messages on behalf of your agents. Restrict access to local OpenClaw config files, verify the agent ID and target chat before sending, and do not enable the automatic reply hook unless you have clear filters and rate limits.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
Medium
What this means

An agent or user that can run this script may be able to send Feishu messages using another locally configured agent's Feishu app identity if that config file is readable.

Why it was flagged

The caller-provided agent ID controls which local OpenClaw config file is read for Feishu app credentials, so the script is not technically limited to the current agent's own credential file.

Skill content
AGENT=$1 ... CONFIG_FILE="$HOME/.openclaw/openclaw-${AGENT}.json" ... APP_SECRET=$(jq -r '.channels.feishu.appSecret' "$CONFIG_FILE")
Recommendation

Bind the agent ID to the current runtime identity or enforce an allowlist, declare the required credential/config path in metadata, and restrict file permissions on ~/.openclaw/openclaw-*.json.
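A hardened credential lookup for the pattern flagged above, written here as an added example and not taken from the skill's own send.sh. It keeps the ~/.openclaw/openclaw-<agent>.json layout and the jq expression shown in the finding; the ALLOWED_AGENTS allowlist, the OPENCLAW_AGENT_ID runtime-identity variable, and the optional directory argument (used so the checks can be exercised against a temporary directory) are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not the skill's own send.sh: agent-ID and config-file checks
# performed before any Feishu app secret is read.
# Assumed for illustration: ALLOWED_AGENTS (space-separated allowlist) and
# OPENCLAW_AGENT_ID (identity of the current runtime). The config path layout
# and the jq expression follow the finding above.
set -eu

ALLOWED_AGENTS="${ALLOWED_AGENTS:-alpha beta}"

# Accept only plain identifiers that are on the allowlist; this rejects
# path separators, dots and shell metacharacters in the caller's value.
validate_agent() {
    agent="$1"
    case "$agent" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    for allowed in $ALLOWED_AGENTS; do
        [ "$agent" = "$allowed" ] && return 0
    done
    return 1
}

# Print the config path for an agent after three checks: the ID matches the
# runtime identity when one is set, it passes validate_agent, and the file is
# owner-only (mode 600). The second argument overrides ~/.openclaw for tests.
resolve_config() {
    agent="$1"
    dir="${2:-$HOME/.openclaw}"
    if [ -n "${OPENCLAW_AGENT_ID:-}" ] && [ "$agent" != "$OPENCLAW_AGENT_ID" ]; then
        echo "refusing to act as '$agent' while running as '$OPENCLAW_AGENT_ID'" >&2
        return 1
    fi
    if ! validate_agent "$agent"; then
        echo "agent id rejected: '$agent'" >&2
        return 1
    fi
    file="$dir/openclaw-${agent}.json"
    if [ ! -f "$file" ]; then
        echo "no config file for '$agent'" >&2
        return 1
    fi
    # GNU stat first, BSD/macOS stat as fallback.
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    if [ "$mode" != "600" ]; then
        echo "$file must be mode 600, found $mode" >&2
        return 1
    fi
    printf '%s\n' "$file"
}

# Read the app secret with the same jq expression as the skill, but only
# from a path that resolve_config has accepted.
read_app_secret() {
    file=$(resolve_config "$1" "${2:-}") || return 1
    jq -r '.channels.feishu.appSecret // empty' "$file"
}
```

Call `read_app_secret "$AGENT"` in place of the unchecked jq line. A traversal string such as `../other`, an agent not on the allowlist, a mismatch with the runtime identity, or a config file readable by group or others each fail before any secret is read, which closes the cross-agent credential use the finding describes.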

ASI10: Rogue Agents
Low
What this means

If enabled, the agent may send Feishu replies without per-message review and could spam or loop if multiple agents auto-reply to each other.

Why it was flagged

The skill documents a persistent hook that automatically runs the message-sending script when messages are received.

Skill content
"auto-reply-feishu": { "enabled": true, "trigger": "message.received", "script": "~/.openclaw/workspace-{agentId}/skills/feishu-agent-messenger/send.sh", "args": [...] }
Recommendation

Only enable the hook for trusted conversations, add filters or rate limits where possible, and disable it when automatic replies are not needed.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Users may not get an accurate install-time warning that the skill depends on local credentials and command-line tools.

Why it was flagged

The registry metadata declares no runtime requirements or credential/config usage, even though the other artifacts show both: the script depends on jq and curl and reads Feishu app credentials from ~/.openclaw.

Skill content
Required binaries (all must exist): none ... Primary credential: none ... Required config paths: none
Recommendation

Update the registry metadata to declare jq, curl, the OpenClaw Feishu config path, and the credential use.