Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Openclaw New Agent

v1.2.1

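Creates a new standalone Feishu bot on OpenClaw (multi-account mode). Use when the user asks to create a new Feishu bot, add a new Agent, or deploy a second bot. The workflow is: collect configuration information → back up → create workspace → modify configuration → verify.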

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description claim: create additional Feishu (Lark) agents on OpenClaw. What it requires/does: backs up ~/.openclaw/openclaw.json, creates a new workspace folder, patches openclaw.json (gateway config.patch), inspects gateway logs, and validates via openclaw doctor — all directly relevant to that purpose.
Instruction Scope
SKILL.md instructs reading/writing OpenClaw config and logs (~/.openclaw/openclaw.json and ~/.openclaw/logs/gateway.log), running OpenClaw CLI commands (openclaw doctor, gateway restart, gateway config.patch) and creating workspace files. Those actions are necessary for the described task. Instructions do not tell the agent to access unrelated system paths or external endpoints beyond Feishu/OpenClaw links.
Install Mechanism
This is an instruction-only skill (no install spec). README suggests installing via npx clawhub@latest or git clone, but nothing in the package forces downloads at runtime; no arbitrary external archive or obscure URL is used in the instructions.
Credentials
The skill does not declare required environment variables or ask for unrelated credentials. It expects the user to provide the Feishu App ID and App Secret (sensitive but appropriate and necessary for registering a Feishu bot). No extraneous tokens, keys, or config paths are requested.
Persistence & Privilege
Flags: always is false and the skill is user-invocable — appropriate. The instructions perform local config edits/backups within the OpenClaw config area and create workspace files; these are consistent with the stated function and do not attempt to modify other skills or global agent settings.
Assessment
This skill appears coherent and implements the steps you'd expect to add a Feishu/Lark agent to OpenClaw. Before running it (or allowing an AI agent to execute its steps) you should: 1) keep a copy of the backup file it creates and verify the exact backup command it will run; 2) treat the App Secret as sensitive — enter it only when you trust the operator and do not expose it publicly; 3) review any automatic patch (gateway config.patch) to ensure only the intended fields change; 4) if you do not trust autonomous execution, run the documented commands manually or require confirmation before any write operations; 5) confirm the one-click creation link points to the official Feishu domain and that you obtained App ID/Secret from the official Feishu developer console.

Like a lobster shell, security has layers — review code before you run it.
