Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
feishu-task-integration-skill
v1.0.0 · Feishu task integration skill that provides two-way sync between to-do items and Feishu tasks. It creates Feishu tasks automatically, parses natural-language time expressions, sets task assignees, and supports task status sync and completion management. Use cases: syncing local to-do items to Feishu tasks, setting task due dates, assigning task owners, and tracking task completion status.
⭐ 0 · 537 · 6 current · 6 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw verdict: Suspicious (high confidence)
Purpose & Capability
The skill's stated purpose (two-way sync between local todos and Feishu tasks) is plausible, but the implementation contains surprising artifacts: the code reads credentials from environment variables (FEISHU_APP_ID / FEISHU_APP_SECRET) and from a hardcoded file path (/home/gary/.openclaw/workspace/feishu_config.json) even though the registry metadata declares no required env vars or config paths. feishu_task_integration.py also hardcodes a current_user_id (ou_19c0ea...) and refers to a specific 'yangbin' user. Nothing in the generic description justifies either value; they look like personal or test scaffolding left in production code.
Instruction Scope
SKILL.md instructs the user to supply a local feishu_config.json and run todo_handler.py, but the actual scripts reference absolute paths under /home/gary/.openclaw/workspace and attempt to read and write todo_data.json there. SKILL.md does not mention the hardcoded path or the default addition of a specific user as follower/assignee. The runtime instructions and the code's actual file and credential access are therefore inconsistent, and the code's scope is broader than documented.
Install Mechanism
There is no install spec (instruction-only), so nothing will be downloaded or installed automatically. That reduces install-time risk. However, the package ships code files that execute with your permissions once the skill is invoked, so the risk moves from install time to run time.
Credentials
Registry metadata declares no required environment variables, but the code reads FEISHU_APP_ID and FEISHU_APP_SECRET (and optionally FEISHU_ASSIGNEE_USER_ID, per the references) from environment variables and/or a config file. Because of that mismatch, someone reviewing only the metadata would not learn that the skill consumes credentials. Additionally, the code contains hardcoded sensitive-looking placeholders and a concrete open_id for a specific user (yangbin/current_user_id), which is disproportionate for a general-purpose integration and may cause tasks to be shared unintentionally with that account.
Persistence & Privilege
The skill does not request elevated platform privileges or set always: true. It persists todo and config files to disk (and in some scripts to absolute paths in /home/gary/.openclaw/workspace). Writing user files is expected for a todo-sync skill, but the use of another user's absolute home path is odd and could cause accidental reads/writes outside the intended working directory.
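The three artifacts the findings above describe (absolute paths under another user's home directory, a hardcoded open_id, and environment variables the metadata never declares) can be checked for mechanically before anything is run. The script below is an added example written for this page; it is not code from the skill or from ClawHub. It assumes the skill's scripts are Python, that Feishu open_ids look like ou_ followed by 32 hex characters (inferred from the truncated ou_19c0ea... value quoted above), and that the caller passes in the list of env vars the registry metadata declares, since the metadata format itself is not shown here. The sample source it scans is constructed to mirror the described patterns; the open_id in it is a placeholder, not the skill's real value.

```python
"""Pre-install audit for an unpacked OpenClaw skill directory.

Flags, before anything is executed, the artifacts the scan describes:
absolute paths under a specific user's home directory, hardcoded Feishu
open_id literals, and environment variables the code reads that the
registry metadata does not declare. The declared list is passed in by
the caller; no assumption is made about how ClawHub stores it.
"""
import re
import tempfile
from pathlib import Path

# /home/<user>/... paths embedded in source (e.g. /home/gary/.openclaw/...).
HOME_PATH_RE = re.compile(r"/home/[A-Za-z0-9_.-]+/[^\s\"']*")
# Feishu open_ids: "ou_" followed by 32 hex characters (assumed shape).
OPEN_ID_RE = re.compile(r"\bou_[0-9a-f]{32}\b")
# os.environ["X"], os.environ.get("X") and os.getenv("X") in Python source.
ENV_READ_RE = re.compile(
    r"os\.(?:environ(?:\.get)?\s*[\[(]|getenv\s*\()\s*[\"']([A-Z][A-Z0-9_]*)[\"']"
)


def audit_source(text, declared_env=()):
    """Return [(kind, value), ...] findings for one file's source text."""
    findings = []
    for m in HOME_PATH_RE.finditer(text):
        findings.append(("absolute_home_path", m.group(0)))
    for m in OPEN_ID_RE.finditer(text):
        findings.append(("hardcoded_open_id", m.group(0)))
    declared = set(declared_env)
    for m in ENV_READ_RE.finditer(text):
        if m.group(1) not in declared:
            findings.append(("undeclared_env_var", m.group(1)))
    return findings


def audit_skill_dir(skill_dir, declared_env=()):
    """Audit every .py file under skill_dir; returns {relative_path: findings}."""
    report = {}
    for path in sorted(Path(skill_dir).rglob("*.py")):
        text = path.read_text(encoding="utf-8", errors="replace")
        found = audit_source(text, declared_env)
        if found:
            report[str(path.relative_to(skill_dir))] = found
    return report


# Constructed stand-in for a script with the problems the scan describes.
# The open_id below is a placeholder, not the value from the real skill.
SAMPLE_SOURCE = '''
import os, json
CONFIG_PATH = "/home/gary/.openclaw/workspace/feishu_config.json"
APP_ID = os.environ["FEISHU_APP_ID"]
APP_SECRET = os.getenv("FEISHU_APP_SECRET", "")
ASSIGNEE = os.environ.get("FEISHU_ASSIGNEE_USER_ID")
current_user_id = "ou_0123456789abcdef0123456789abcdef"
'''


def demo(declared_env=()):
    """Write the sample into a temp dir and audit it as one would an unpacked skill."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "feishu_task_integration.py").write_text(SAMPLE_SOURCE, encoding="utf-8")
        return audit_skill_dir(tmp, declared_env)


if __name__ == "__main__":
    for file, found in demo().items():
        print(file)
        for kind, value in found:
            print(f"  {kind}: {value}")
```

Run it over the unzipped skill directory and pass the env vars the registry page lists; any undeclared_env_var, absolute_home_path or hardcoded_open_id finding is something the SKILL.md should have told you about. A clean run is not proof of safety (the patterns are deliberately narrow), but a hit is a concrete line to go and read.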
What to consider before installing
This skill is suspicious but not clearly malicious. Before installing or running it:
- Don't run it unmodified in a production account. Inspect and (preferably) use the cleaned scripts (the _clean.py files) and remove any hardcoded IDs or absolute paths.
- Provide credentials only via a secure feishu_config.json that you control or via environment variables; ensure the registry metadata correctly declares required env vars.
- Remove or change the hardcoded current_user_id and 'yangbin' references so the skill does not automatically add an unrelated third-party account as follower/assignee.
- Update file paths to use relative/workspace locations (or configurable paths) instead of /home/gary/… to avoid accidental access to another user's files.
- Review network behavior: the scripts call open.feishu.cn endpoints (expected for a Feishu integration), but confirm you actually intend to send your todo data there.
- If you need to trust this skill, run it in an isolated environment first (local VM or test account), verify it only uses the credentials you supplied, and rotate credentials after testing.
If you want, I can point out the exact lines with hardcoded paths/IDs and suggest safe edits to make before use.
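The second, third and fourth recommendations above amount to one change: resolve paths from a configurable workspace, take credentials from the environment or a config file you control, and never default the assignee to a baked-in open_id. The loader below is an added example of that shape; it is not the skill's code or a cleaned version of it. It assumes a workspace directory named by an OPENCLAW_WORKSPACE variable (falling back to the current directory) and a feishu_config.json with the keys app_id, app_secret and assignee_user_id; neither the variable name nor the file layout is taken from the skill. The scenario functions use constructed fake credentials.

```python
"""Configuration loading for a todo-to-Feishu sync skill, done the way the
recommendations ask: credentials from environment variables or a
feishu_config.json the operator controls, workspace paths resolved from a
configurable directory rather than /home/<someone>/..., and no hardcoded
open_id for the assignee.

Assumed, not taken from the skill: the OPENCLAW_WORKSPACE variable name and
the config keys app_id / app_secret / assignee_user_id.
"""
import json
import os
import tempfile
from pathlib import Path


class ConfigError(ValueError):
    """Raised when credentials are missing or the assignee is malformed."""


def workspace_dir(env=None):
    """Resolve the workspace from OPENCLAW_WORKSPACE (assumed name) or cwd."""
    env = os.environ if env is None else env
    return Path(env.get("OPENCLAW_WORKSPACE") or Path.cwd()).resolve()


def todo_data_path(workspace):
    """todo_data.json always lives under the resolved workspace."""
    return Path(workspace) / "todo_data.json"


def load_feishu_config(env=None, workspace=None):
    """Return the credentials and optional assignee the skill should use.

    Environment variables win over feishu_config.json, so a test account or
    CI job can override the file without editing it. If no assignee is
    configured the result carries None; nothing falls back to a specific
    person's open_id.
    """
    env = os.environ if env is None else env
    workspace = workspace_dir(env) if workspace is None else Path(workspace)

    file_cfg = {}
    cfg_path = workspace / "feishu_config.json"
    if cfg_path.is_file():
        file_cfg = json.loads(cfg_path.read_text(encoding="utf-8"))

    app_id = env.get("FEISHU_APP_ID") or file_cfg.get("app_id")
    app_secret = env.get("FEISHU_APP_SECRET") or file_cfg.get("app_secret")
    assignee = env.get("FEISHU_ASSIGNEE_USER_ID") or file_cfg.get("assignee_user_id")

    if not app_id or not app_secret:
        raise ConfigError(
            "set FEISHU_APP_ID and FEISHU_APP_SECRET in the environment "
            f"or in {cfg_path}"
        )
    # Feishu open_ids start with "ou_"; reject anything else so a typo or an
    # id from another id space cannot silently become the assignee.
    if assignee is not None and not str(assignee).startswith("ou_"):
        raise ConfigError(f"assignee_user_id must be a Feishu open_id, got {assignee!r}")

    return {"app_id": app_id, "app_secret": app_secret, "assignee_user_id": assignee}


# --- constructed scenarios with fake credentials (not real Feishu values) ---

def scenario_env_only():
    """Credentials only in the environment; no config file, no assignee."""
    env = {"FEISHU_APP_ID": "cli_fake_app", "FEISHU_APP_SECRET": "fake_secret"}
    with tempfile.TemporaryDirectory() as tmp:
        return load_feishu_config(env, tmp)


def scenario_file_with_env_override():
    """feishu_config.json supplies everything; the environment overrides the secret."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "feishu_config.json").write_text(json.dumps({
            "app_id": "cli_from_file",
            "app_secret": "secret_from_file",
            "assignee_user_id": "ou_00000000000000000000000000000000",  # placeholder
        }), encoding="utf-8")
        return load_feishu_config({"FEISHU_APP_SECRET": "secret_from_env"}, tmp)


def scenario_missing_credentials_rejected():
    """With nothing configured the loader must refuse rather than use a baked-in value."""
    with tempfile.TemporaryDirectory() as tmp:
        try:
            load_feishu_config({}, tmp)
        except ConfigError:
            return True
    return False


if __name__ == "__main__":
    print(scenario_env_only())
    print(scenario_file_with_env_override())
    print("missing credentials rejected:", scenario_missing_credentials_rejected())
```

With this shape the registry metadata can declare FEISHU_APP_ID, FEISHU_APP_SECRET and FEISHU_ASSIGNEE_USER_ID honestly, and the audit of the unpacked package has nothing hardcoded to flag.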
Version: latest (vk9720ew2jd1ayha1ag5gqnxfy18207tg)
