Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Feishu Wechat Publish
v0.5.3 · Reads the Feishu documents the user can access in the client environment and sends the final article content to feishu.shing19.cc, which publishes it to the WeChat Official Account draft box.
by@shing19
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to read Feishu docs and forward content to a relay (feishu.shing19.cc) for publishing to WeChat — the included instructions and script do exactly that, so the capability aligns with the stated purpose. However the skill declares no required binaries/env but its runtime expects lark-cli, python3, base64/file/grep/du utilities; that mismatch (runtime requirements not declared) is a coherence issue.
Instruction Scope
SKILL.md explicitly instructs the agent to read full document content and all images (base64-encoded) in the client environment and POST them to https://feishu.shing19.cc/api/publish. It also instructs asking users for subscription tokens and for AppID/AppSecret (WeChat credentials) and to reset AppSecret and whitelist a specific IP (77.37.74.91). These steps legitimately achieve the publish flow, but they require collecting and transmitting highly sensitive data (document contents, images, and WeChat AppSecret) to an external relay that is not an official vendor. The agent is also instructed to run and parse interactive CLI flows and to store tokens locally—behavior that expands scope and requires careful user consent.
Install Mechanism
The skill has no registry install spec, but its instructions tell the agent to install and run @larksuite/cli (npm global) and to run npx skills add larksuite/cli. Relying on npm installs at runtime is higher-risk than pure instruction-only behavior. The provided shell script depends on lark-cli and standard Unix tools; these runtime installs and side-effects are not declared in the registry metadata.
Credentials
The skill requests no environment variables in metadata, yet it (a) expects to access Feishu session metadata (open_id) when running in a Feishu environment, (b) stores a local token file (.feishu-wechat-publish.json) containing subscription tokens, and (c) asks the user to supply WeChat AppID and AppSecret and to set an API IP whitelist to 77.37.74.91. Asking for AppSecret and a persistent subscription token is proportionate to letting a third-party server publish on behalf of the user, but gives that external relay full ability to act as the user's WeChat account — a high-sensitivity privilege. The relay domain is not an official vendor domain; no justification or trust signals are present.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It instructs saving a local token file and the relay will remember bindings server-side; this is normal for a publish relay but increases long-term risk because credentials are persisted locally and on the relay. The agent is also asked to bind user open_id server-side for future use, which grants ongoing access to the relay.
What to consider before installing
This skill will read the full text and images of any Feishu document you give it and send them to a third-party server (feishu.shing19.cc) that will publish drafts to WeChat. The behavior matches the description, but note: (1) the skill asks you to provide or reset your WeChat AppSecret and a subscription token — handing those to an unverified external service lets that service act on your WeChat account; (2) it will store a local token file and the relay will remember your binding; (3) the runtime expects to install and run @larksuite/cli and other binaries though those are not declared in the registry metadata. Only install if you trust the relay operator and are comfortable giving them persistent access to your documents and WeChat credentials. If you want to proceed but reduce risk: verify the relay operator's identity, host, and privacy policy; avoid providing AppSecret if possible (consider using official OAuth flows); and inspect/limit what documents you send.
