Back to skill
Skillv1.0.0
VirusTotal security
Feishu Master · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:06 AM
- Hash
- 865997c68ddf76ec4b5305d7082729feb1688eaf36f3aaba933cb3892f4b7623
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: feishu-master Version: 1.0.0 The feishu-master skill bundle is classified as suspicious due to its 'progressively extensible' design, which explicitly instructs the AI agent in SKILL.md and DEVELOPMENT.md to dynamically generate, save, and execute new Python scripts at runtime. This architecture creates a significant risk of Remote Code Execution (RCE) via prompt injection, as the agent is directed to implement code based on external documentation (via 'Context7'). While the included scripts (get_token.py and get_group_members.py) appear to be legitimate tools for interacting with the Feishu API (open.feishu.cn), the core instruction set encourages the agent to bypass the safety of a static, audited codebase.
- External report
- View on VirusTotal