Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
OpenClaw Feishu Base
v0.2.5
Unified Feishu Base/Bitable management for OpenClaw. Use when you need to inspect Base schema, manage tables/fields, or query/create/update/delete records in...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw analysis: Benign (high confidence)
Purpose & Capability
Name/description, exported tool actions, and code all align: this is a Feishu (Lark) Base/Bitable management plugin. It uses the official Lark/Feishu SDK and implements schema, table, field, record, and attachment operations — all expected for the stated purpose.
Instruction Scope
SKILL.md and code are consistent but the runtime instructions/code explicitly read persisted OpenClaw config paths (OPENCLAW_CONFIG_PATH or ~/.openclaw/openclaw.json), local files (when upload_attachment or clone_attachment with file_path is used), and fetch arbitrary URLs for cloning attachments. These behaviors are explained in the docs and are justified by attachment upload and credential resolution needs, but users should be aware the plugin will read local config files and files referenced by file_path.
Install Mechanism
Registry metadata lists no install spec, yet the package contains package.json and full source. No installer URL or release host is present in the registry metadata. Dependencies are standard npm packages (@larksuiteoapi/node-sdk, zod, etc.) — installing normally via npm is typical, but the absence of an explicit install spec in the registry listing is an inconsistency worth noting.
Credentials
The plugin declares no required environment variables, but it will read process.env.OPENCLAW_CONFIG_PATH if present and fall back to ~/.openclaw/openclaw.json to locate Feishu credentials. That behavior is documented in SKILL.md/README and is proportionate to needing Feishu credentials, but it does mean the plugin can access persisted config files on disk.
Persistence & Privilege
The skill is not always-included and does not request elevated platform privileges. It registers a tool via the plugin API (normal). It does not modify other skills or system-wide settings; destructive operations are gated by a plugin config flag (allowDelete=false by default).
Assessment
This plugin appears to do what it says: manage Feishu Base/Bitable using Feishu credentials already configured in OpenClaw. Before installing, confirm you trust the plugin source because:
- It will attempt to locate Feishu credentials via runtime context, OPENCLAW_CONFIG_PATH, or ~/.openclaw/openclaw.json (so ensure that file does not contain secrets you don't want exposed to plugins you install).
- It can read local files when you use upload_attachment/clone_attachment with a file_path, and it will fetch external URLs when cloning attachments — only use this with trusted URLs and file paths.
- Destructive actions (delete_records, delete_field, delete_table) are implemented but disabled by default; verify plugin config (allowDelete) before enabling destructive operations.
- The package has normal npm dependencies; because the registry listing lacks an explicit install spec, prefer installing from a trusted source or reviewing package.json and source before running npm install.
If you want tighter control, inspect the included source files (they are present in the package) and keep allowDelete set to false unless you explicitly need deletion.
Flagged pattern
src/base/attachments.js:130
File read combined with network send (possible exfiltration).
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.
Like a lobster shell, security has layers — review code before you run it.
