Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Storage Manager
v1.0.1 Feishu Storage Manager, full version - smart location matching + location image management + one-click stock-in
⭐ 0 · 32 · 1 current · 1 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
Confidence: high
Purpose & Capability
Name/description, SKILL.md, and code all match: this is a Feishu Bitable + image upload storage manager, so network access to open.feishu.cn and image upload capabilities are expected. However, the registry metadata did not declare the FEISHU_* environment variables even though SKILL.md and the code require them. That mismatch (metadata says no required env vars; documentation and code require credentials) is a coherence problem and surprising for a skill that integrates with an external service.
Instruction Scope
SKILL.md instructs the agent/user to set FEISHU_APP_ID, FEISHU_APP_SECRET, FEISHU_BITABLE_TOKEN, FEISHU_TABLE_ID and to run CLI commands. The runtime code uploads files and creates records via Feishu APIs (open.feishu.cn). The instructions do not ask for unrelated system data, but the code will accept image files from disk and upload them to Feishu — expected for purpose. The concern is that the runtime will proceed using built-in defaults (hard-coded credentials) if you don't set env vars, causing data to be sent to a third-party account without explicit notice.
Install Mechanism
There is no platform install spec (instruction-only), which is lower risk. An included install.sh exists and will install requests (pip3), chmod files, and create a symlink under ~/.local/bin/storage-manager — standard for a CLI tool. No remote downloads or archive extraction from untrusted URLs were seen. Install script writes into the user home (~/.local/bin) which is typical for user-level CLI installs.
Credentials
The skill logically needs Feishu credentials, and SKILL.md documents FEISHU_APP_ID/FEISHU_APP_SECRET/FEISHU_BITABLE_TOKEN/FEISHU_TABLE_ID. But the skill metadata did not declare these as required. Worse, multiple code files (e.g., final_integrated.py, complete_system.py, location_image_manager.py) include default hard-coded values for app_id, app_secret, bitable_token and table_id. Those embedded secrets are disproportionate and risky: if you don't override them, your uploads/records will go to the account tied to those defaults.
Persistence & Privilege
The skill is not force-enabled (always:false) and does not request system-wide privileges. The install script creates a user-level symlink and example .env file — typical for CLI tools. The skill does not modify other skills' configurations or require platform-level persistence beyond a user-installed CLI.
Scan Findings in Context
[hardcoded-credentials] unexpected: Multiple source files (final_integrated.py, complete_system.py, etc.) set default values for FEISHU_APP_ID, FEISHU_APP_SECRET, FEISHU_BITABLE_TOKEN, FEISHU_TABLE_ID. For a tool that integrates with a user's Feishu app, embedding default credentials is unexpected and dangerous because it can redirect data to a third-party account.
[network-endpoint-open-feishu] expected: The code contacts https://open.feishu.cn open-apis for token, drive upload, and bitable record creation — this is expected for a Feishu Bitable integration.
[local-install-script-symlink] expected: install.sh creates a symlink in ~/.local/bin/storage-manager and installs requests if missing; this behavior is typical for CLI installation but modifies user home.
What to consider before installing
- Do not rely on the code's defaults. The package includes hard-coded Feishu credentials/tokens in several Python files; if you don't supply your own FEISHU_* environment variables, images and records will be uploaded to the account tied to those defaults. Treat that as potential data exfiltration.
- Recommended immediate steps before use:
1) Inspect the code files (final_integrated.py, complete_system.py, location_image_manager.py, etc.) and remove or replace any hard-coded FEISHU_APP_ID / FEISHU_APP_SECRET / FEISHU_BITABLE_TOKEN / FEISHU_TABLE_ID values. Ensure they are not present in the deployed copy.
2) Provide your own Feishu credentials via environment variables (FEISHU_APP_ID, FEISHU_APP_SECRET, FEISHU_BITABLE_TOKEN, FEISHU_TABLE_ID) and verify the code reads them (it does, but defaults exist). Test with throwaway data first.
3) If you do not control the Feishu app the code would use (i.e., you don't know the owner of the hard-coded credentials), do not run the skill with real/personal images or sensitive data.
4) Consider running the tool in an isolated environment (container/VM) and monitor network calls (to confirm they go to your configured app and not elsewhere).
5) If you will install via the provided install.sh, review the script and remove or modify the symlink creation step if you prefer not to alter ~/.local/bin automatically.
- If you are not comfortable auditing or editing the code, avoid installing this skill or request a version from the author that does not contain embedded secrets and that properly declares required environment variables in its metadata.
Version: latest (vk970am5hr0fbr6h7aj43bjtqfx84t652)
Runtime requirements
Runtime: 🗃️ Clawdis
Bins: python3
