Skill v1.0.0
ClawScan security
Feishu Plugin Conflict Fix · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 9, 2026, 10:41 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions largely match its stated purpose (fixing Feishu/OpenClaw plugin conflicts), but they include destructive local operations and a network install step while the metadata declares no required binaries or install spec and lists no source or homepage. That inconsistency merits caution.
- Guidance: This skill appears to do what it says (fix Feishu/OpenClaw plugin conflicts), but take precautions before running its commands:
  1. Verify that the openclaw CLI and the tools the guide uses (jq, npx) are installed.
  2. Manually inspect and back up ~/.openclaw/openclaw.json and any plugin directories before running the scripts; the provided scripts delete and overwrite files.
  3. Treat the npx -y @larksuite/openclaw-lark install step with care: npx downloads the package from the npm registry and executes it, and -y skips the confirmation prompt that would otherwise precede the install. Verify the package name and its source before running it (no homepage or source is provided here).
  4. Prefer running the steps manually, one at a time, in a test environment to confirm their effect rather than executing the one-click scripts.
  5. If you cannot verify the author or the package's provenance, skip the network install step and reinstall the plugins from a trusted source.
  Additional information that would raise confidence: an official homepage or repository for the skill or author, an explicit declaration of required binaries, and confirmation that @larksuite/openclaw-lark is the intended official package.
Review Dimensions
- Purpose & Capability (note): The name, description, and SKILL.md consistently target OpenClaw/Feishu plugin conflicts, and the commands shown (openclaw config set, tools list, gateway restart, editing ~/.openclaw/openclaw.json) are coherent with that purpose. However, the skill metadata declares no required binaries or install steps even though the instructions assume the openclaw CLI, jq, cp/mv/rm, and npx are present. This mismatch is an implementation/documentation gap.
- Instruction Scope (concern): The runtime instructions perform sensitive local actions: backing up and overwriting ~/.openclaw/openclaw.json, deleting plugin directories (rm -rf ~/.openclaw/plugins/feishu*), enabling and disabling plugins, and restarting the OpenClaw gateway. Those actions fall within the stated repair scope but are destructive and should run only with explicit user consent and a reliable backup. The instructions also call npx to install a package, which executes code fetched from the network.
- Install Mechanism (concern): There is no declared install spec, yet SKILL.md runs npx -y @larksuite/openclaw-lark install, which downloads code from npm and executes it at runtime. That is a network operation with execution risk; it is a plausible way to reinstall an official plugin, but the skill gives no provenance (no homepage or source) and did not declare the requirement in its metadata.
- Credentials (ok): The skill requests no environment variables or credentials, and SKILL.md does not try to read unrelated secrets. Access is limited to local OpenClaw config files and plugin directories, which is proportionate to the stated purpose.
- Persistence & Privilege (note): The skill modifies the user's OpenClaw configuration under ~/.openclaw and restarts gateways/agents (impactful operations), but it does not request always: true or attempt to alter other skills' code. This level of privilege is expected for a tool that reconfigures OpenClaw, but it widens the blast radius if the commands run unintentionally.
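The declared-versus-actual gap flagged under Purpose & Capability and Install Mechanism can be checked mechanically before a skill is trusted. The following is an added example, not ClawHub's scanner and not part of the skill: it pulls shell commands out of SKILL.md code fences, lists the binaries they invoke, reports which are absent from a declared list, and flags recursive deletes, file-overwriting moves and redirects, and steps that fetch (and may run) code from the network (npx, npm, pip, curl, wget, git). The embedded SKILL.md is constructed from the commands this report names, not the published file, and the declared-binaries list is passed in directly because the report does not show the metadata format. Separators inside quoted arguments are not handled; that is a known limitation of this simple splitter.

```python
import re
import shlex
from dataclasses import dataclass, field

_FENCE = "`" * 3  # built at runtime so this example never contains a literal fence
FENCE_RE = re.compile(re.escape(_FENCE) + r"[^\n]*\n(.*?)" + re.escape(_FENCE), re.DOTALL)
SEGMENT_RE = re.compile(r"\s*(?:&&|\|\||\||;)\s*")  # split pipelines and command lists
ASSIGN_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*=.*")  # leading FOO=bar assignments
WRAPPERS = {"sudo", "env", "exec", "nohup", "time"}
NETWORK_FETCHERS = {"npx", "npm", "pip", "pip3", "curl", "wget", "git"}


@dataclass
class SkillFindings:
    used_bins: set = field(default_factory=set)
    undeclared: set = field(default_factory=set)
    destructive: list = field(default_factory=list)   # commands that delete or overwrite files
    network_exec: list = field(default_factory=list)  # commands that fetch (and may run) remote code


def _command_segments(block):
    """Yield individual commands from a fenced block, skipping blanks and comments."""
    for line in block.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        for seg in SEGMENT_RE.split(line):
            if seg:
                yield seg


def _split_command(argv):
    """Drop wrapper commands and env assignments; return (binary basename, args)."""
    i = 0
    while i < len(argv) and (argv[i] in WRAPPERS or ASSIGN_RE.fullmatch(argv[i])):
        i += 1
    if i == len(argv):
        return None, []
    return argv[i].rsplit("/", 1)[-1], argv[i + 1:]


def _is_destructive(binary, args):
    if binary == "rm":  # only recursive removes are flagged; a plain rm of one file is not
        return any(a == "--recursive" or (a.startswith("-") and not a.startswith("--") and "r" in a.lower())
                   for a in args)
    if binary == "mv":  # mv onto an existing path replaces it
        return True
    return any(a.startswith(">") for a in args)  # shell redirect that clobbers or appends to a file


def scan_skill_md(text, declared_bins):
    findings = SkillFindings()
    for block in FENCE_RE.findall(text):
        for seg in _command_segments(block):
            try:
                argv = shlex.split(seg)
            except ValueError:  # unbalanced quotes: not a parsable command line
                continue
            binary, args = _split_command(argv)
            if binary is None:
                continue
            findings.used_bins.add(binary)
            if _is_destructive(binary, args):
                findings.destructive.append(seg)
            if binary in NETWORK_FETCHERS:
                findings.network_exec.append(seg)
    findings.undeclared = findings.used_bins - set(declared_bins)
    return findings


# Constructed SKILL.md modelled on the commands this report names; not the published file.
SAMPLE_SKILL_MD = "\n".join([
    "# Feishu Plugin Conflict Fix (constructed sample)",
    "",
    _FENCE + "bash",
    "cp ~/.openclaw/openclaw.json ~/.openclaw/openclaw.json.bak",
    "openclaw tools list",
    "jq '.plugins.feishu.enabled = false' ~/.openclaw/openclaw.json > /tmp/openclaw.json",
    "mv /tmp/openclaw.json ~/.openclaw/openclaw.json",
    "rm -rf ~/.openclaw/plugins/feishu*",
    "npx -y @larksuite/openclaw-lark install",
    "openclaw gateway restart",
    _FENCE,
])

if __name__ == "__main__":
    f = scan_skill_md(SAMPLE_SKILL_MD, declared_bins=set())  # the report says nothing is declared
    print("binaries used:", sorted(f.used_bins))
    print("used but undeclared:", sorted(f.undeclared))
    print("destructive steps:", f.destructive)
    print("network-executing steps:", f.network_exec)
```

On the constructed sample every binary comes back undeclared, the rm -rf, the mv over openclaw.json and the jq redirect are reported as destructive, and the npx step is the only network-executing command, which is exactly the set of facts this report's dimensions describe in prose.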
