Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Feishu Connect

v1.0.0

Connect a Feishu bot. Start a registration session directly through the API, obtain the link (from=maxclaw must be appended) and send it to the user; once the user has finished configuring, tell the user to go to Feishu and get the pairing code from the bot. Intended for scenarios such as connecting to Feishu, integrating Feishu, binding a Feishu bot, creating a Feishu bot, and connecting OpenClaw to Feishu.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name and description (connect a Feishu bot) align with the actual actions (call Feishu OAuth endpoints, produce a verification link, poll for tokens). However, the skill's metadata declares no required binaries while the instructions explicitly use curl, which is an inconsistency: the agent will need curl available to execute the described flow.
Instruction Scope
The SKILL.md tells the agent to run curl commands against accounts.feishu.cn, store cookies in /tmp/feishu_cookies.txt, extract device_code/user_code, append a tracking parameter (&from=maxclaw), and poll for client_id/client_secret. The document forbids reading docs/channels/feishu.md after user confirms (an unusual restriction) and forbids outputting a range of configuration guidance. There is no instruction to protect or avoid printing client_secret/client_id, so secrets from the poll response could be exposed in agent logs or chat output.
Install Mechanism
This is an instruction-only skill (no install spec), which is low install risk. But it implicitly requires curl and filesystem writes (a cookie jar in /tmp). The undeclared required binary (curl) is an inconsistency; it should be declared so operators know about the runtime dependency.
Credentials
The skill requests no environment variables or credentials in metadata, yet the runtime will obtain client_id and client_secret from Feishu. There is no guidance to avoid storing or printing these secrets, and the cookie jar is written to /tmp under a fixed name, which could be read by other local processes. These are proportional to the task but lack secure-handling instructions and are not declared in the skill manifest.
Persistence & Privilege
The manifest's always flag is false, and there is no install behavior or modification of other skills or global agent config. The skill writes a cookie file to /tmp during execution (transient), but it does not request permanent privileges or automatic background activity.
What to consider before installing
This skill appears to do what it says (initiate Feishu OAuth and produce a clickable verification link), but there are a few things to consider before installing or using it:

- Runtime dependency: The instructions use curl but the manifest does not declare curl as required. Ensure your agent runtime has curl available.
- Secret handling: The OAuth poll returns client_id and client_secret. The skill gives no guidance to avoid printing or storing these secrets; they may appear in chat logs or saved cookie files. If you install, confirm how secrets are handled and consider running the skill in a restricted environment.
- Cookie file: The skill writes /tmp/feishu_cookies.txt. That file may be accessible to other local users/processes. If this is a concern, modify the workflow to use a secure temporary path.
- The forced '&from=maxclaw' parameter and the prohibition on reading docs/channels/feishu.md are unusual. Ask the author why that parameter is required and why the skill explicitly forbids reading local documentation—this could be legitimate (tracking/integration requirement) but should be explained.
- If you need stronger assurance, request the skill source or run the process in a sandboxed agent environment. If you cannot verify secret handling and the origin of the skill, treat it cautiously and avoid using it with high-privilege accounts.


latest: vk974w40qzbwrgjgas0vf0x5gxs83bcc5
