Back to skill
Skillv1.0.0
VirusTotal security
Feishu Bitable API · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:31 AM
- Hash
- 6216e516c4446190489fda8fbc39cd50644d1dcef23c38ade3b773b2f93cae1e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: feishu-api-bitable Version: 1.0.0 The skill is classified as suspicious due to its file reading capabilities, which, while intended for legitimate purposes, could be exploited. Specifically, `src/utils.js` contains functions (`getEnvVar` for `_PATH` environment variables and `parseJsonInput` for `@file` command arguments) that can read the content of arbitrary local files. If an AI agent were compromised via prompt injection, it could be instructed to provide paths to sensitive files (e.g., `~/.ssh/id_rsa`, `/etc/passwd`), leading to their content being read and potentially exfiltrated as part of API requests to the legitimate Feishu API endpoint (`https://open.feishu.cn`). There is no clear evidence of intentional malicious behavior by the skill developer, but the capability presents a significant risk if misused.
- External report
- View on VirusTotal