Skill v1.0.0

ClawScan security

feishu-multi-agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 23, 2026, 9:33 AM
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill's code, instructions, and configuration are internally consistent with its stated purpose (a Feishu group-message relay using local OpenClaw), but it runs a networked daemon that holds credentials in a local config file, so you should review and trust the components it talks to before installing.
Guidance
This skill appears to do what it says: it polls a Feishu group, uses a local OpenClaw API to generate replies, and posts messages on behalf of a configured bot. Before installing, confirm you understand and accept these points:
1) You must place Feishu App ID/Secret and an OpenClaw token in ~/.openclaw/config/feishu-multi-agent.json; protect that file (install.sh sets chmod 600 on it).
2) The daemon will autonomously read group messages and post replies to the configured chat_id; only use it where autonomous bot replies are acceptable.
3) Ensure the configured OpenClaw API URL and token point to a trusted, local/isolated service (the script will send conversation context and prompts to that API).
4) Review the full Python script yourself (or run it in a sandbox) if you have concerns about unexpected network calls or logging of secrets; the manifest shows no external downloads, but the daemon does communicate over the network (Feishu API and the configured OpenClaw API).
5) If you will deploy with an untrusted peer bot, consider the risk that the peer could influence generated content; restrict which group/chat_id the skill has access to.
If you want higher assurance, run the daemon on an isolated host, inspect the script for any extra endpoints, and verify filesystem permissions for the config and cache directories.

Review Dimensions

Purpose & Capability
ok
Name/description match the implementation: the scripts poll Feishu group history, detect a peer bot, call a local OpenClaw 'brain' to generate replies, and post back to the Feishu chat. Required Feishu app IDs/secrets and an OpenClaw token are all represented in the included config template, which is appropriate for this functionality.
Instruction Scope
ok
SKILL.md instructs only running the bundled Python script and copying/editing a single config file under ~/.openclaw/config. The runtime behavior described (polling Feishu, calling the local API, sending messages, managing rounds and state) is implemented in the script and confined to the stated files and endpoints (Feishu OpenAPI and the configured OpenClaw API). The agent/daemon will autonomously send messages to the target chat, as expected by the skill's purpose.
Install Mechanism
ok
No external install/downloads or package installs are declared. The provided install.sh merely creates config/cache dirs and copies the bundled template into ~/.openclaw/config. No remote code fetches or archive extraction are present in the manifest.
Credentials
note
The skill requests no environment variables but requires sensitive credentials (Feishu App ID/Secret and OpenClaw API token) to be placed in the runtime config file (~/.openclaw/config/feishu-multi-agent.json). These credentials are appropriate for the described integration, but storing them in a local file means you should protect that file and only install if you trust both the peer bot and the local OpenClaw service.
Persistence & Privilege
note
The skill runs a background daemon, writes PID/state/log files under ~/.openclaw/cache, and autonomously posts replies into the configured Feishu chat. It does not declare 'always: true' and does not appear to modify other skills' configuration. Autonomous posting is necessary for the stated functionality but increases blast radius (it will act in a chat without per-message manual approval).