Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Memes

v0.5.0

Send reaction meme images or GIFs in chat for humor, celebration, frustration, or any moment when a visual reaction enhances conversation.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Pending
OpenClaw: Benign (medium confidence)
Purpose & Capability
The skill's behavior (uploading images to Feishu using the appId/appSecret read from ~/.openclaw/openclaw.json, and cloning a meme repo) is coherent with its stated purpose. However, the skill metadata does not declare the required credentials or the required binaries (Node.js, git), even though SKILL.md and the scripts depend on them.
Instruction Scope
SKILL.md stays on-topic: it instructs cloning the meme repo into ~/.openclaw/workspace/memes, running setup.sh, and using either the included Feishu script or the OpenClaw CLI. The runtime script reads only ~/.openclaw/openclaw.json for Feishu credentials and the image file to upload; it only communicates with open.feishu.cn API endpoints.
Install Mechanism
There is no packaged installer; setup.sh clones https://github.com/kagura-agent/memes (a GitHub repo) and copies the included script into the workspace. Cloning from GitHub is common, but this pulls external content at install time — you should review that repo before trusting its files.
Credentials
The skill requires Feishu app credentials (appId/appSecret) stored in ~/.openclaw/openclaw.json (documented in SKILL.md but not declared in the skill metadata). It also caches a tenant token to /tmp/feishu-token.json (may be world-readable depending on system /tmp permissions). No unrelated credentials or remote endpoints are requested.
Persistence & Privilege
The skill is not forced always-on. setup.sh copies the send script into the user's workspace (local-only). It does read the agent config file (~/.openclaw/openclaw.json) to obtain Feishu credentials, which is within its functional scope but means the skill will access local agent config.
Assessment
This skill appears to do what it says: send local meme files and call Feishu APIs. Before installing:
1. Review the external meme repo (https://github.com/kagura-agent/memes) to ensure you trust its contents.
2. Confirm you are comfortable with the script reading ~/.openclaw/openclaw.json for the Feishu appId/appSecret, and that those credentials have limited permissions.
3. Be aware that the script caches a tenant token to /tmp/feishu-token.json; ensure /tmp on your system has appropriate permissions or change the cache location.
4. The metadata omits required tools (Node.js 18+, git); ensure those binaries are present and up-to-date.
5. Run setup.sh and the included script manually and inspect them before granting execution rights.
If you want stricter controls, create a dedicated Feishu app/account with minimal scope for this skill and do not store higher-privilege credentials in a shared config file.
Flagged pattern (scripts/feishu-send-image.mjs:5): File read combined with network send (possible exfiltration).
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

