Forces Reanalyze Smart
Pass
Audited by VirusTotal on May 10, 2026.
Overview
Type: OpenClaw Skill
Name: forces-reanalyze-smart
Version: 1.0.0
The skill bundle is classified as suspicious because `scripts/fetch_furcas.py` contains a hardcoded session cookie, which constitutes a credential leak. The bundle's logic (fetching data from Furcas and automating document and Bitable updates in Feishu via `scripts/import_to_bitable.mjs` and `scripts/fill_review_cells.cjs`) is consistent with the stated goal of work order review, but shipping sensitive credentials in plain text is a high-risk practice. `SKILL.md` provides detailed operational instructions and technical constraints so that the AI agent performs the multi-step workflow correctly, and it contains no evidence of malicious prompt injection or unauthorized data exfiltration.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone who can read or reuse this script may gain access to Furcas ticket data under that session, and users may be encouraged to store their own browser Cookie in source code.
The source contains a raw Furcas browser session Cookie. Session cookies are credential-equivalent and can grant access to the ticket system; embedding one in a distributed script is unsafe even though Furcas access is purpose-aligned.
```python
# !!! Must be manually replaced with a valid cookie !!!
cookie = "showStep=true; ...; furcas=...; acw_tc=..."
```
Remove and rotate the embedded Cookie, accept Furcas credentials only through a secret store or runtime prompt, and clearly declare the credential requirement and scope.
The agent may act as a Feishu user and modify any accessible table selected by APP_TOKEN/TABLE_ID, possibly using the wrong stored account.
The script directly decrypts a local Feishu user access token and picks the first encrypted token file, leaving account selection and authorization scope unclear.
```javascript
const masterKey = readFileSync("/state/share/openclaw-feishu-uat/master.key");
const files = readdirSync(dir).filter((f) => f.endsWith(".enc"));
const encData = readFileSync(dir + files[0]); // first .enc file wins, whichever account it belongs to
return JSON.parse(plaintext).accessToken;
```
Use an explicit OAuth flow or credential broker with user/account selection, declare the Feishu credential requirement, and restrict the token scopes to only the required docs/tables.
A wrong APP_TOKEN or TABLE_ID could cause records in the wrong Feishu table to be deleted or overwritten.
If the target table name does not match, the script only warns and continues; it then deletes existing records in the selected Feishu table before importing new data.
```javascript
// warning string reads: "continue importing, but data may be written to the wrong table"
if (actualName !== TABLE_NAME) { ... "继续导入但数据可能被写入错误的表" }
...
await api("POST", `/bitable/v1/apps/${APP_TOKEN}/tables/${TABLE_ID}/records/batch_delete`, { record_ids: ids });
```
Abort on table mismatch, require explicit confirmation or dry-run output before deletion, back up records, and validate the target table before any write operation.
Running the script as-is could edit a specific Feishu document with stale or wrong review data.
The document-update script PATCHes Feishu Docx content using hardcoded document, month, and statistics values rather than requiring a verified target from the current user request.
```javascript
const DOC_ID = 'UvhDwxvLaiVRTHk5R31cnVHXnQg';
const MONTH = '2026-04';
const CELL_DATA = { total: '644', ... };
...
return apiWithRetry('PATCH', url, { Authorization: `Bearer ${uat}` }, body);
```
Make document ID, month, and cell data required runtime parameters, display the target document before writing, and require confirmation before PATCH updates.
Users may grant or expose sensitive account access without realizing the skill depends on browser sessions and OAuth tokens.
The registry-level credential contract says no credentials are needed, but the scripts use a Furcas session Cookie and local Feishu OAuth tokens. This under-disclosure could make users underestimate the sensitivity of installing or running the skill.
Required env vars: none
Env var declarations: none
Primary credential: none
Update metadata and SKILL.md to disclose all credentials, local token stores, environment variables, scopes, and mutation permissions.
Users have less provenance context and may need to manually verify local runtimes and dependencies before executing the scripts.
The complete source files are provided, but provenance is limited and runtime requirements are under-declared for shipped Python/Node scripts. This is a review note rather than proof of malicious behavior.
Source: unknown
Homepage: none
Install specifications: no install spec; this is an instruction-only skill.
Declare required runtimes/dependencies, provide a trustworthy source location, and review all scripts before running them with production credentials.
