Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

feishui-file-sender

Send files via Feishu channel using message tool with filePath parameter.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
Name/description (send files to Feishu) align with the instructions: the SKILL.md shows how to package a skill folder and call message(..., channel='feishu', filePath=...). However the instructions specifically target /root/.openclaw/workspace/skills (agent internal workspace), which expands the capability beyond a generic 'send a chosen file' scenario and is worth calling out.
Instruction Scope
The SKILL.md tells the agent to run shell commands that read and zip files from the agent's workspace (/root/.openclaw/workspace/skills) and then to call message(...) with an absolute filePath. This explicitly instructs reading local agent files and transmitting them to an external Feishu target. There are no constraints, confirmation steps, or sanitization rules — the agent could be directed to package and send any files inside the workspace (which may include secrets). That broad I/O and transmission behavior is the main risk.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing written to disk by an installer. This minimizes installation risk.
Credentials
The skill declares no required environment variables or credentials, which is expected because it relies on the OpenClaw 'message' tool and the platform's configured Feishu channel. However, that means the skill implicitly uses the agent's Feishu credentials to transmit files; the lack of any explicit credential declaration is not wrong but you should verify the channel configuration and who controls the destination chat ID.
Persistence & Privilege
always:false and no install or code that modifies agent configuration are present. The skill does not request permanent presence or elevated privileges beyond invoking the message/send flow at runtime.
What to consider before installing
This skill will let the agent package files from the agent workspace and send them to a Feishu chat using the platform's messaging capability. That is coherent with its description, but it is also a straightforward channel for data exfiltration if misused. Before installing or enabling it: (1) Confirm the Feishu channel and destination chat ID are trusted and under your control; (2) Avoid allowing the agent to zip or send directories that may contain secrets (API keys, private keys, credentials, logs); (3) Require explicit, human-confirmed file paths and a checklist of what will be sent rather than allowing arbitrary paths; (4) Inspect or lock down the implementation of the message(...) tool to ensure it enforces sender policies/rate limits and logs actions; (5) Prefer running this skill in a restricted test environment first. If you cannot enforce those safeguards, do not enable this skill for autonomous use.
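
One way to enforce recommendations (2) and (3) above before message(...) is called, as an added example that is not part of the skill or of OpenClaw. The staging directory, the file name patterns and the function names are assumptions of this example; the zip files in its test are constructed.

```python
import os
import zipfile
from fnmatch import fnmatch

# Assumed policy values for this example, not OpenClaw or Feishu settings.
STAGING_DIR = "/tmp/feishu-outbox"
MAX_BYTES = 20 * 1024 * 1024  # the ~20MB limit mentioned in SKILL.md
SECRET_PATTERNS = [".env", "*.pem", "*.key", "id_rsa*", "id_ed25519*",
                   "*credential*", "*secret*", "*token*", "*.log"]

def review_archive(file_path, staging_dir=STAGING_DIR):
    """Return (ok, findings, members) for a zip that is about to be sent."""
    real = os.path.realpath(file_path)   # resolves symlinks and ../ segments
    root = os.path.realpath(staging_dir)
    if os.path.commonpath([real, root]) != root:
        return False, [f"{real} is outside staging dir {root}"], []
    if not zipfile.is_zipfile(real):
        return False, [f"{real} is not a zip archive"], []
    findings = []
    if os.path.getsize(real) > MAX_BYTES:
        findings.append("archive exceeds size limit")
    with zipfile.ZipFile(real) as zf:
        members = zf.namelist()
    for name in members:
        base = os.path.basename(name.rstrip("/")).lower()
        if name.startswith("/") or ".." in name.split("/"):
            findings.append(f"non-relative member path: {name}")
        if any(fnmatch(base, pat) for pat in SECRET_PATTERNS):
            findings.append(f"secret-like file name: {name}")
    return not findings, findings, members

def confirmed_send_args(file_path, target, caption, approve, staging_dir=STAGING_DIR):
    """Build message() arguments only if checks pass and approve(members, target) is True."""
    ok, findings, members = review_archive(file_path, staging_dir)
    if not ok:
        raise PermissionError("; ".join(findings))
    if not approve(members, target):     # human confirmation of the member list
        raise PermissionError("send not approved by operator")
    return {"action": "send", "channel": "feishu", "message": caption,
            "filePath": os.path.realpath(file_path), "target": target}
```

The `approve` callable is where an interactive prompt or ticket check would go; the returned dictionary mirrors the parameters listed in SKILL.md.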

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.0

SKILL.md

Feishu File Sender

Send binary files (ZIP, PDF, images, etc.) to Feishu groups or users.

Prerequisites

  • OpenClaw configured with Feishu channel
  • Target chat ID (group or user)

Step 1: Package the Skill/File

cd /root/.openclaw/workspace/skills
zip -r /tmp/skill_name.zip skill_folder/

Key: Use relative path inside the zip, not absolute path.

Step 2: Send via Feishu

message(
    action="send",
    channel="feishu",
    filePath="/tmp/skill_name.zip",
    message="📦 Skill Name",
    target="oc_xxxxxxxxxxxx"  # chat ID
)

Parameters

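| Parameter | Type | Required | Description |
|-----------|------|----------|-------------|
| action | string | Yes | "send" |
| channel | string | Yes | "feishu" |
| filePath | string | Yes | Absolute path to file |
| message | string | Yes | Caption text |
| target | string | Yes | Chat ID (oc_xxx for groups, user ID for DM) |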

Common Issues

  1. File too large: Feishu limits apply (~20MB for most)
  2. Wrong path: Use absolute path /tmp/xxx.zip
  3. Relative path in zip: Package from parent dir, e.g., zip -r /tmp/out.zip folder/

Example: Send a Skill

# Package
cd /root/.openclaw/workspace/skills
zip -r /tmp/weather.zip weather/

# Send
message(action="send", channel="feishu", filePath="/tmp/weather.zip", message="📦 weather skill", target="oc_group_id")
