Feishu Multi Agent Manager
Advisory. Audited by static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Newly created agents may inherit existing authentication profiles or account access beyond the Feishu bot credentials the user expected to configure.
The README says child agents automatically copy auth-profiles.json, but the artifacts do not clearly list which credentials are copied, how the user approves it, or how access is limited.
✅ **Automatically copy authentication configuration** - auth-profiles.json is copied automatically when a child Agent is created
Require explicit opt-in before copying auth profiles, show exactly which profiles will be copied, avoid copying secrets by default, and document how to revoke or isolate credentials.
A malformed or manipulated agent ID could cause workspace/config paths to be created outside the intended location or make the OpenClaw configuration point at unexpected directories.
The batch-create path is derived from agent.agentId, which is an input string; the provided artifacts do not show a safe-character check or path-prefix containment before using it for persistent agent paths.
const workspacePath = path.join(homeDir, '.openclaw', `workspace-${agent.agentId}`);
const agentDirPath = path.join(homeDir, '.openclaw', 'agents', agent.agentId, 'agent');
Restrict agent IDs to a safe pattern such as /^[a-zA-Z0-9_-]+$/, normalize paths, and verify every generated path remains under the intended ~/.openclaw directory before writing.
Anyone who can read the OpenClaw config file may be able to see Feishu app secrets.
The skill stores Feishu App IDs and App Secrets in the local OpenClaw configuration, which is expected for this integration but is still sensitive credential handling.
"accounts": {
  "main": {
    "appId": "cli_main_xxx",
    "appSecret": "main_secret_xxx"
  }
}
Keep openclaw.json private, use least-privilege Feishu app permissions, rotate secrets if exposed, and avoid committing the config file to source control.
Personal preferences, decisions, or task context may be retained and reused by the created agents.
Generated agent role files instruct agents to persist decisions and user preferences to memory, which is purpose-aligned for multi-agent personalization but affects long-term context.
Record important decisions and user preferences in MEMORY.md
Review generated MEMORY.md/USER.md files, avoid storing sensitive information unless needed, and provide a cleanup or reset process.
Messages or context given to one agent may be shared with other configured agents.
The skill enables agent-to-agent communication, which is central to the multi-agent purpose but means information can flow between agents.
"tools": {
  "agentToAgent": {
    "enabled": true,
    "allow": ["main", "dev"]
  }
}
Keep the allow list narrow, document which agents can communicate, and avoid sending secrets through inter-agent messages unless necessary.
A user may underestimate that this package contains code capable of changing local OpenClaw files.
The registry metadata frames the skill as instruction-only, while the artifact includes executable source and dist files; this mismatch makes provenance and runtime expectations less clear.
No install spec — this is an instruction-only skill. Code file presence: 5 code file(s): dist/index.d.ts, dist/index.js, src/index.ts, src/types.d.ts, tests/index.test.ts
Align registry metadata, skill.json, package versions, and file lists with the actual runnable contents before publication.
