Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Lark Integration
v1.0.0
Connect Lark (Feishu) messaging to OpenClaw via webhook bridge. Supports text, rich text (post), and image messages bidirectionally. Use when setting up Lark/Feishu as a messaging channel, receiving messages with images, sending replies back to Lark, reading Lark documents/wikis/bitables, or troubleshooting Lark integration issues. Covers both Lark International (larksuite.com) and China Feishu (feishu.cn).
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (medium confidence)

Purpose & Capability
The code and SKILL.md implement a webhook bridge between Lark/Feishu and an OpenClaw gateway — this matches the skill name/description. However, the registry metadata claims no required environment variables or config paths while the runtime explicitly requires FEISHU_APP_ID and a secret file, and reads an OpenClaw config file (to obtain a gateway auth token). The bridge legitimately needs a Feishu app id/secret and the gateway token, but those were not declared in the registry metadata — an incoherence that reduces transparency.
Instruction Scope
Runtime instructions and scripts read local secret files (~/.openclaw/secrets/feishu_app_secret by default) and a local OpenClaw config (~/.openclaw/openclaw.json or legacy ~/.clawdbot/clawdbot.json) to obtain gateway.auth.token. The bridge sends message text and base64-encoded image attachments to a local OpenClaw WebSocket gateway. The SKILL.md shows both systemd and launchd service installation examples, but the provided setup script actually generates only a macOS launchd plist, so the instructions are inconsistent. These behaviors are broadly within the announced purpose, but reading other local config files and writing service files are significant actions that users should expect and that the skill should explicitly declare.
Install Mechanism
No formal install spec; this is primarily an instruction-only skill with included Node scripts. package.json lists two reasonable public npm dependencies (@larksuiteoapi/node-sdk and ws). No downloads from arbitrary URLs or obfuscated code. Installing as a service (systemd/launchd) writes files into system/user locations — expected for a bridge but requires administrative/user consent.
Credentials
The skill requires sensitive secrets: FEISHU_APP_ID and the Feishu app secret file, and it reads OpenClaw's local config to get the gateway.auth.token. Those are proportionate to a bridge but they were not declared in the registry metadata (no required envs/config paths listed). The code also looks for legacy ~/.clawdbot/clawdbot.json, meaning it will access other skill/system config locations. Access to another component's token (GATEWAY_TOKEN) is powerful: it lets the bridge act with OpenClaw operator scopes and send messages into agents.
Persistence & Privilege
The skill includes scripts and explicit instructions to install the bridge as a persistent service (systemd example in docs and a macOS launchd generator in setup-service.mjs). The registry flags do not mark the skill 'always: true'; autonomous invocation is allowed (default). Creating systemd/launchd entries and writing logs to home or /etc are expected for a long-running bridge but elevate persistence and should be performed deliberately by the administrator.
Scan Findings in Context
[no_pre_scan_signals] unexpected: Static pre-scan reported no injection signals; this does not imply safety. The code does perform local file reads (secrets/config) and network calls (Lark APIs, local WebSocket). Those behaviors are expected for a webhook bridge but were not declared in the registry metadata.
What to consider before installing
Before installing:
(1) Be aware this bridge will read your Feishu/Lark app secret file and your OpenClaw config (to get the gateway auth token). If you don't want the skill to access your OpenClaw gateway token, do not install it.
(2) The registry metadata omitted required env/config declarations. Verify FEISHU_APP_ID and the secret path are set intentionally and stored securely.
(3) The scripts can install a persistent service (systemd or launchd). Only install as a service if you control the host and accept a long-running process that can route messages into your OpenClaw agents.
(4) The code appears to use open.larksuite.com for API calls; confirm it supports your Feishu (feishu.cn) tenant before trusting it.
(5) If you decide to proceed, review the two included scripts line by line and run them in an isolated/test environment first (or run the bridge manually rather than installing the service) so you can confirm which files are read/written and that tokens are not leaked to unexpected endpoints.
latest: vk9706j1bmagjvk3edc88k27rnx80b447
