Multi-agent-bot-feishu

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a coherent manual setup guide for OpenClaw/Feishu multi-agent routing, but it requires careful handling of bot secrets and persistent OpenClaw configuration changes.

Before installing or following the guide, confirm the correct package slug, back up ~/.openclaw/openclaw.json, use a dedicated Feishu bot with minimal permissions, keep App Secrets out of shared files, and test routing with allowlisted users/groups before enabling broader access.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone with access to the configured secret may be able to act through the Feishu bot, depending on the bot's permissions.

Why it was flagged

The skill asks the user to configure Feishu bot credentials so OpenClaw can operate the bot account. This is expected for the integration, but it grants account-level bot authority.

Skill content

Feishu App ID | Bot credential ... Feishu App Secret | Bot secret

Recommendation

Use a dedicated least-privilege Feishu bot, keep the config file private, prefer allowlists, and rotate the App Secret if it may have been exposed.

What this means

Incorrect configuration could send group or direct messages to an unintended agent or workspace.

Why it was flagged

The skill directs the user to change live OpenClaw routing and restart the gateway. This is central to the skill, but mistakes can persistently route Feishu messages to the wrong agent.

Skill content

Edit `~/.openclaw/openclaw.json` and add three configuration sections ... add routes under `bindings` ... `openclaw gateway restart`

Recommendation

Back up openclaw.json, review each binding and accountId, test with a small allowlist first, and confirm the correct agent responds before broad rollout.

What this means

Business or group-chat context may remain in the configured workspace and influence later agent behavior.

Why it was flagged

The skill intentionally creates persistent per-agent workspaces and memory. This supports separation, but retained context may be reused across future conversations.

Skill content

Each Agent has its own independent workspace and memory

Recommendation

Use separate workspace directories, restrict file permissions, and define retention/cleanup practices for each business line.

What this means

Following the README literally could install a different package if both names exist.

Why it was flagged

The README install command names `multi-agent-bot`, while the supplied registry slug is `multi-agent-bot-feishu`, creating a package-name ambiguity.

Skill content

clawhub install multi-agent-bot

Recommendation

Verify the package slug in ClawHub before installation and prefer the registry entry you intended to review.