ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenClaw Feishu Message

v0.1.0

Send Feishu/Lark direct messages and work follow-ups from OpenClaw. Use when the user wants to search for a person in Feishu/Lark, resolve a user, create a 1...

0· 40·0 current·0 all-time
by@systransform88
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description align with the code: the package uses the official Feishu/Lark SDK to look up employees, create chats, and send messages. The included client, search, send, and cache logic are coherent with a messaging/contact-resolution tool. However, the plugin bundles a pre-populated contact-cache.json (contains many email addresses and phone numbers) and hardcodes a data directory under /root/.openclaw/workspace/plugins/openclaw-feishu-message/data, which is more persistent and invasive than the registry metadata suggested (the registry showed no required config paths).
!
Instruction Scope
SKILL.md limits behavior to contact resolution and messaging. The implementation, however, reads persisted OpenClaw config files (~/ .openclaw/openclaw.json or a path pointed to by OPENCLAW_CONFIG_PATH) and will use appId/appSecret from those configs. That file access and the ability to read an arbitrary path via env var are not documented in the registry metadata and broaden the plugin's runtime scope. The pre-populated contact-cache also means the plugin may return or expose local PII that is bundled with the skill.
Install Mechanism
No remote downloads or unusual install steps are present; dependencies are standard npm packages (@larksuiteoapi/node-sdk, openclaw, etc.). There is no explicit install spec in the registry, but the code is standard Node.js and does not fetch arbitrary archives or use URL-shortened sources.
Credentials
The skill declares no required env vars, but at runtime it will look for Feishu credentials in runtime config or a persisted OpenClaw config file and respects OPENCLAW_CONFIG_PATH. Requiring Feishu appId/appSecret is appropriate for its purpose, but the plugin implicitly accesses user config files (and can be pointed at an arbitrary config path via env var). That implicit access should be made explicit to users before install.
!
Persistence & Privilege
The plugin writes/reads a cache file in a hardcoded directory under /root/.openclaw/workspace/plugins/... which is inflexible and may be inappropriate for non-root runtimes. It also ships with data/contact-cache.json containing many contact entries (emails, phone numbers). While caching contacts is reasonable, bundling third-party PII and using a fixed root-based path increases privacy and operational risk and should be reviewed.
What to consider before installing
This plugin appears to do what it says (look up Feishu contacts and send bot messages), but review these items before installing: - Inspect data/contact-cache.json: it contains many email addresses and phone numbers bundled with the plugin. Remove or sanitize this file if it contains PII you don't want included. - Confirm where Feishu credentials will come from: the plugin reads your OpenClaw config (~/.openclaw/openclaw.json) or the file pointed to by OPENCLAW_CONFIG_PATH to find appId/appSecret. If you don't want the plugin to read that file, do not install or set a safe OPENCLAW_CONFIG_PATH. - The cache path is hardcoded to /root/.openclaw/workspace/..., which may be inappropriate for your environment. If you run as a non-root user or in a constrained environment, ask the plugin author to make the data directory configurable or to use a runtime-provided workspace path. - Verify the Feishu appId/appSecret and tenant scopes before granting them (employee lookup, chat creation, and bot-send scopes are needed). Consider creating a limited-scope bot account for this plugin. If these concerns are acceptable or addressed (configuration of cache path, removal of bundled PII, and clear credential management), the plugin's behavior is consistent with its stated purpose. Otherwise treat it as potentially risky and request changes from the publisher.

Like a lobster shell, security has layers — review code before you run it.

latestvk97eemc6r4562d5qa8ebdhswv984rpjh

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments