Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Collaboration Manager

v1.0.0

Multi-agent collaboration manager with support for dynamic @ combinations, task assignment, and intelligent responses

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill claims to be a Feishu (Lark) multi-agent collaboration manager and the code + SKILL.md are focused on mention/keyword routing and task coordination in a group chat — this is coherent. However, the included config.json has every agent using the same openId (so agents cannot be distinguished by openId), which contradicts the SKILL.md's reliance on openId for identity. The skill also claims to support stop/resume and agent control which are described in the docs but not implemented in the hook.
Instruction Scope
SKILL.md instructs agents to always prioritize this skill's group-chat rules (over AGENTS.md) and enforces 'absolute' silence unless @mentioned. That is scope-creep: it asks agents to override other policy files. The doc also asserts authorization rules (only a configured open_id can stop/resume) but provides no mechanism in the hook to validate or enforce that. The instructions grant this skill broad discretion over when agents must remain silent, which can affect other skills' behavior.
Install Mechanism
No install spec / no external downloads. The skill is instruction + a small hook file that reads local config; this is low-risk from an install/execution distribution perspective.
Credentials
The skill declares no required env vars, but the hook reads process.env.OPENCLAW_WORKSPACE (with a hardcoded fallback to /Users/wangbotao/.openclaw/workspace) and loads skills/collaboration-manager/config.json from that workspace. Reading workspace config files is expected for this purpose, but the hardcoded fallback reveals a developer path and will attempt to read local files. The skill does not request Feishu API tokens or other credentials — so it cannot itself send messages, but it relies on local config (which may contain identifiers).
Persistence & Privilege
always: false and default autonomous invocation allowed. The skill does not request permanent presence or modify other skills. The hook only logs coordination decisions and does not auto-enable itself or change global settings in the code provided.
What to consider before installing
This skill appears to implement Feishu mention/keyword routing and is mostly coherent, but proceed cautiously. Before installing:
1) Confirm you trust the skill to read files under your OPENCLAW_WORKSPACE because the hook loads config.json from the workspace (it falls back to an absolute developer path which may not exist). Remove any secrets from that config.
2) Fix agent identity: config.json currently uses the same openId for all agents — update it so agents can be distinguished, otherwise the 'only respond if @' logic may behave incorrectly or allow impersonation.
3) Be aware SKILL.md asks agents to prioritize these rules over AGENTS.md and to enforce absolute silence unless @mentioned — ensure that override is desired and won't break other workflows.
4) The stop/resume authorization is described but not enforced by the hook; if you need enforced access control, implement/authenticate it (e.g., validate sender_id against an allowlist).
5) Test in a sandbox workspace first to verify behavior (no external network calls expected, but local file reads will occur).
If you want higher assurance, request the skill author to remove hardcoded paths, declare any required env vars, and implement explicit authorization for stop/resume commands.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fjrmpjt0xpbxnp07wgxp08582m9sy
