ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

feishu-chatfile-skill

v1.0.0

飞书发送本地图片和文件技能。支持向飞书私聊(ou_)和群聊(oc_)发送图片(JPEG/PNG/WEBP 等)及文件(PDF/HTML/ZIP 等)。采用官方推荐的两步法(上传获取 key -> 发送消息),确保内容在飞书客户端正常显示并获得最佳体验。

0· 72·0 current·0 all-time
bycalm@shouldnotappearcalm
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
Name/description claim: send local images/files to Feishu chats. The included scripts implement exactly that (upload -> send). However the SKILL.md instructs the agent to read /root/.openclaw/openclaw.json to obtain app_id/app_secret and to proactively send produced images; the skill metadata declares no required credentials or binaries. Missing declarations (credentials, use of curl/python) are disproportionate to the registry metadata and reduce transparency.
!
Instruction Scope
SKILL.md directs reading the OpenClaw config file (/root/.openclaw/openclaw.json via grep) and extracting app_id/app_secret; it also mandates proactively sending images in the Feishu channel without explicit user prompting. These instructions extend beyond a passive helper: they access agent configuration and instruct autonomous outbound transmission of local files/images.
Install Mechanism
No install spec (instruction-only + two scripts). That is low-risk from install mechanics — nothing is downloaded at install time. Note: scripts call curl via subprocess, but no install is performed by the skill itself.
!
Credentials
The scripts require an app_id and app_secret to fetch a tenant token and to send files — reasonable for Feishu integration — but the skill metadata lists no required env vars and no primary credential. SKILL.md also tells the agent to read a sensitive config path to obtain those credentials. This is an undeclared, non-transparent request for privileged credentials and access to agent config.
!
Persistence & Privilege
always:false (good), and autonomous invocation is allowed (platform default). Combined with the mandatory rule to proactively send images and the ability to read agent config and send arbitrary local files, this increases risk: an autonomously-invoked agent could exfiltrate files using credentials from the agent config. The skill does not modify other skills or request persistent installation, but its operational instructions grant it meaningful outbound capability.
What to consider before installing
This skill implements Feishu two-step upload->send and the scripts look legitimate for that purpose, but there are some red flags you should consider before enabling it: - The SKILL.md tells the agent to read /root/.openclaw/openclaw.json to extract app_id/app_secret, but the skill metadata does not declare any required credentials. That means the skill will access agent configuration to obtain secrets without having made that need explicit. - The scripts use curl (via subprocess) and require python3; the registry entry doesn't list these dependencies. Ensure your runtime provides these binaries if you plan to use it. - The skill can send arbitrary local files/images to Feishu using the app credentials it obtains. If the agent is allowed to run autonomously, this capability could be used to exfiltrate sensitive files. Consider whether you trust the agent and the Feishu destination IDs it will use. Recommendations: - Only enable this skill if you trust the skill source and the Feishu app owner. Prefer to supply explicit, scoped credentials rather than letting the skill read agent-wide config. - Restrict which files the agent may send (e.g., sandbox generated outputs only) and audit sent message logs. - If you need stronger control, disable autonomous invocation for the agent or require explicit user confirmation before sending files. - Ask the publisher to update metadata to declare required credentials and binaries, and to remove or clarify the mandated automatic-send rule if undesired.

Like a lobster shell, security has layers — review code before you run it.

latestvk97b0ems10330q0qsajex1406583tejh

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments