Skill v1.0.0

ClawScan security

Feishu Report Summary · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 14, 2026, 1:14 PM
Verdict
Benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code and instructions are broadly consistent with its stated purpose (fetching Feishu report data and producing summaries), but it dynamically reads your OpenClaw config, executes a few system commands, and loads SDK code from your local OpenClaw installation — so review those local artifacts before running it.
Guidance
This skill appears to do what it says: run the bundled Node script to fetch Feishu report entries and produce summaries. Before installing or running it, check these points:
1) Inspect your ~/.openclaw/openclaw.json. The script will read that file for appId/appSecret (and may read other channel config). Do not run the script if that file contains unrelated secrets you don't want accessed.
2) The script runs system commands (npm, which) and dynamically requires the @larksuiteoapi/node-sdk from your local OpenClaw installation; that means code from your local node_modules may execute. If you don't trust your installed OpenClaw package, run the script in an isolated environment or review the local package contents.
3) You can override credentials with the FEISHU_APP_ID and FEISHU_APP_SECRET environment variables; the script will fail if appSecret is a secret-store reference (secret://).
4) No external downloads or unexpected network endpoints are present in the manifest, but always review the full script (scripts/fetch_report_tasks.js) before running.
If you want higher assurance, run the script on a machine/account that contains only the Feishu credentials you intend to use.

Review Dimensions

Purpose & Capability
ok: The skill claims to read Feishu Report API data and summarize it. The included script contacts Feishu using the appId/appSecret found in ~/.openclaw/openclaw.json or supplied via FEISHU_APP_ID/FEISHU_APP_SECRET overrides, resolves rule IDs, queries tasks, and renders JSON/Markdown. These capabilities match the stated purpose.
Instruction Scope
note: SKILL.md instructs the agent to run the bundled Node script and to read credentials from ~/.openclaw/openclaw.json (with optional FEISHU_* env overrides). That is in scope for fetching Feishu reports. The instructions do not ask to exfiltrate unrelated data. Note: the script also runs system commands (npm, which) and resolves local OpenClaw installation paths at runtime. These actions serve to locate the Lark/Feishu SDK, but they increase the attack surface; treat them as expected behavior of this script rather than as an anomaly.
Install Mechanism
ok: No install spec is present (instruction-only with a bundled script). Nothing is downloaded from external URLs. The script relies on the local Node environment and the user's OpenClaw installation.
Credentials
note: No new credentials are required by the skill manifest, which is consistent with SKILL.md, which reads credentials from ~/.openclaw/openclaw.json or FEISHU_APP_ID/FEISHU_APP_SECRET. This is proportional to the task. Caveat: the script reads the entire OpenClaw config file from the user's home directory and will error if appSecret is a secret-store reference (secret://). Review openclaw.json for other secrets or unexpected content before running.
Persistence & Privilege
ok: The skill is not force-installed (always:false) and does not request system-wide persistence. It does execute local binaries and dynamically require code from the user's OpenClaw installation, but it does not modify other skills or global agent settings.