Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill is described as a multi-agent IM integration and the included config files and prompts match that purpose. However, the registry metadata declares no required credentials or env vars while SKILL.md and the configs explicitly instruct you to provide model API keys and platform credentials (Feishu App ID/Secret, Discord bot token). That mismatch (no declared secrets but instructions requiring them) is disproportionate and should be corrected or explained by the author.
Instruction Scope
SKILL.md tells the user to copy config files into ~/.openclaw, edit ~/.openclaw/openclaw.json to add API keys and channel settings, run the provided doctor.sh, start the gateway, and use commands that will send/receive messages via Feishu/Discord. The instructions also reference files and commands that are not present in the package (e.g., references/discord-setup.md is mentioned but missing; configs reference node scripts like scripts/task-store.js which are not included). The skill therefore asks the agent/user to read and modify persistent config files containing secrets and to enable long-lived connections—expected for an IM integration but the missing referenced files and lack of declared dependencies are scope concerns.
Install Mechanism
There is no formal install spec (instruction-only) which minimizes installer risk. The package does include a verification script (scripts/doctor.sh) which will be run manually. That script expects external binaries (openclaw, jq) but the manifest lists no required binaries; this omission is noteworthy but not inherently malicious.
Credentials
The skill does not declare any required environment variables or primary credential in the registry metadata, yet SKILL.md and references/feishu-setup.md instruct the user to provide FEISHU_APP_ID / FEISHU_APP_SECRET (or add them to openclaw.json) and a model API key (dashscope/sk-...). The doctor script reads ~/.openclaw/openclaw.json which will contain these secrets. Requesting long-lived bot credentials and model API keys is consistent with the functionality, but the fact they are not declared in metadata and the skill will instruct writes into your existing OpenClaw config is a proportionality and transparency concern.
Persistence & Privilege
always:false and user-invocable:true (normal). The instructions tell the user to copy configs into ~/.openclaw and to start openclaw/gateway, which results in persistent agents and long-lived connections (Feishu WebSocket / Discord bot). That persistence is expected for a chat-integration skill but increases potential blast radius—exercise usual caution when adding bots that have message-sending permissions and long-lived tokens.
What to consider before installing
This skill is generally coherent with its stated goal (a multi-agent IM-based workflow) but has some transparency and completeness problems you should resolve before installing: 1) The registry declares no required env vars or credentials, yet the docs instruct you to add Feishu App ID/App Secret (or Discord token) and a model API key into ~/.openclaw/openclaw.json — expect to provide these secrets. 2) The provided verification script (scripts/doctor.sh) expects openclaw and jq on your machine; ensure those binaries are installed and trustable. 3) Several referenced helper files are missing (e.g., discord-setup.md, scripts/task-store.js referenced in prompts); ask the author for the complete repo or check the linked GitHub repo before proceeding. 4) Backup your existing ~/.openclaw/openclaw.json before copying new configs and inspect the config files for any endpoints or webhook URLs you don't recognize. 5) When enabling Feishu/Discord bots, apply least-privilege scopes, restrict DM/group policies appropriately, and review audit logs after first run. If the author cannot justify why credentials are not declared in the package metadata or cannot provide the missing files, treat the skill as untrusted.Like a lobster shell, security has layers — review code before you run it.
latestvk97875qbzn1qen5mfwnexyke8984b0c3
License
MIT-0
Free to use, modify, and redistribute. No attribution required.