Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Feishu Base
v0.2.6
Unified Feishu Base/Bitable management for OpenClaw. Use when you need to inspect Base schema, manage tables/fields, or query/create/update/delete records in...
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign (high confidence)
Purpose & Capability
The name/description match the implementation: the code uses the Feishu (Lark) SDK to list/inspect/create/modify bases, tables, fields, records, and attachments. Declared dependencies (larksuite SDK, typebox, zod, openclaw) are appropriate for this functionality.
Instruction Scope
SKILL.md and skills/SKILL.md limit actions to Feishu Base operations. Runtime code accesses only Feishu APIs, OpenClaw config for credentials, Drive/media endpoints for attachments, and local files when the user explicitly supplies a file_path. There are no instructions to read unrelated system files or exfiltrate data automatically.
Install Mechanism
There is no custom download/install step in the registry metadata; the plugin is standard Node code with a package.json declaring npm dependencies. No remote arbitrary archive downloads or URL-shortened installers are used.
Credentials
The plugin does not declare required environment variables, but it will read OpenClaw runtime config (runtime channels) and fall back to a persisted config file (OPENCLAW_CONFIG_PATH or ~/.openclaw/openclaw.json) to obtain Feishu appId/appSecret. This fallback is explained in README and is necessary to obtain credentials; consider whether you want a plugin to read that persisted config file. The plugin only accesses local files when the user requests attachment operations (file_path).
Persistence & Privilege
The plugin is not always-enabled and does not request elevated platform privileges. It does not modify other plugins or global settings. Autonomous invocation is allowed by default (normal for skills) and always:false is set.
Assessment
This plugin appears to do what it says: manage Feishu Base (bitable) resources. Before installing, confirm you are comfortable with the plugin reading your OpenClaw Feishu credentials from the runtime config or from the persisted file (OPENCLAW_CONFIG_PATH or ~/.openclaw/openclaw.json). Attachment operations will read local files when you pass file_path and will download remote URLs when you ask; only provide trusted paths/URLs. Destructive operations (delete_records/delete_field/delete_table) are implemented but blocked by default via plugin config (allowDelete:false) — only enable allowDelete if you explicitly need destructive actions. Installing will pull npm dependencies (normal); review them via your package manager policies. If you need higher assurance, review the plugin source files locally (they are included) or run in a sandboxed environment before enabling in production.
src/base/attachments.js:130
File read combined with network send (possible exfiltration).
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.
