v1.0.0

Feishu Multi-Bot Multi-Agent Configuration

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:16 AM.

Analysis

This is a coherent Feishu multi-bot setup guide, but it includes an option to skip pairing with a wildcard allow-list that could expose agents to unapproved Feishu users.

Guidance: Review the Feishu access policy before using this skill. Prefer explicit pairing approval, avoid `allowFrom: ["*"]` unless the bot is intentionally public, limit Feishu app permissions, protect `~/.openclaw/openclaw.json` with strict file permissions, and keep each agent workspace and auth profile isolated.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
SKILL.md
When deleting an Agent, use `openclaw agents delete <agentId>`; this cleans up the corresponding workspace and sessions

The documented CLI command can delete an agent's workspace and sessions. This is a normal administrative operation, but it is destructive if run against the wrong agent.

User impact: A mistaken delete command could remove local agent state and conversation/session data.
Recommendation: Verify the agent ID before deletion and back up important workspaces or memory files before running cleanup commands.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low | Confidence: High | Status: Note
SKILL.md
`appId` and `appSecret` are stored in the configuration file; make sure the file permissions are secure (`chmod 600`)

The skill instructs users to store Feishu app credentials in the OpenClaw configuration. This is expected for Feishu bot setup, and the guide does mention file permissions, but the credentials are sensitive.

User impact: Anyone who can read the configuration file may gain access to Feishu bot credentials or use the configured bot authority.
Recommendation: Use least-privilege Feishu app permissions, keep `openclaw.json` readable only by the service account, rotate secrets if exposed, and avoid sharing the config file.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
Or configure `dmPolicy: "open"` + `allowFrom: ["*"]` directly to skip pairing.

The guide presents a wildcard allow-list as a way to bypass first-contact pairing approval, which can broaden who may send messages into the Feishu-to-agent gateway.

User impact: Unapproved Feishu users or groups could potentially reach configured agents if the user applies this setting, increasing exposure of agent conversations, workspaces, and delegated capabilities.
Recommendation: Keep pairing approval enabled where possible, or restrict `allowFrom` to specific trusted Feishu users/groups and document who is allowed to contact each bot.
Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
SKILL.md
Each Agent has: an independent workspace... independent session storage... independent auth profiles... `MEMORY.md` - long-term memory

The guide configures persistent per-agent state, including sessions, auth profiles, and long-term memory. This is aligned with the stated isolation goal, but persisted context can carry sensitive or incorrect information forward.

User impact: Messages, memory, or session state may persist across conversations and could influence later agent behavior if routes or access controls are too broad.
Recommendation: Keep each agent directory separate, restrict file permissions, periodically review memory/session contents, and avoid routing untrusted groups to agents with sensitive context.