Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
auto-file-sender
v1.0.1
Automatically send files from workspace to Feishu/Lark when files are generated or updated. Use when: (1) User creates new documents and wants them delivered...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The name/description promise automatic delivery to Feishu/Lark, but the Python script does not call any Feishu API, does not use any bot token/credentials, and instead generates JSON 'message.send' tool calls. No environment variables or credentials are declared for Feishu. Either the skill relies on the platform's message tool to have pre-configured credentials (not documented) or it cannot actually send files as advertised — this is an incoherence.
Instruction Scope
SKILL.md and the script instruct scanning and watching /root/.openclaw/workspace (and arbitrary directories via --watch) and produce/send commands containing absolute file paths. The script reads any files in the workspace and prints JSON commands that include those paths. This behavior aligns with 'send files', but it grants the skill broad discretion to read and forward workspace files — something users should explicitly approve.
Install Mechanism
Instruction-only with a small bundled script; there is no install spec, no downloads, and nothing written to system directories by an installer. Risk from install mechanism is low.
Credentials
The skill requests no credentials or env vars, yet claims to interact with Feishu/Lark. Real Feishu integration normally requires API credentials. The lack of declared credentials suggests the skill expects the host agent/tooling to provide send capability (and associated secrets) implicitly — this should be documented and justified. Also, the script will read arbitrary files from the workspace, which is proportionate to 'send files' but raises data exposure concerns if sensitive files exist.
Persistence & Privilege
The skill is not always-enabled and does not request persistent platform privileges. It does not modify other skills or system-wide settings. Running watch mode grants runtime autonomy to scan and emit send commands, but that is normal for a watcher script and not an elevated privilege by itself.
What to consider before installing
This skill does not actually implement Feishu/Lark API calls or request credentials — it scans your workspace and prints JSON 'message.send' commands that the platform or an agent would need to execute to deliver files. Before installing or running: (1) Understand whether your agent/platform will automatically execute those printed send commands and whether it has Feishu credentials — if so, the skill can forward any matching file from the workspace (potential data exfiltration). (2) Prefer running with --once to preview which files would be sent. (3) Limit the watch directory to a safe folder, add strict patterns, and review/inspect any sensitive files in the workspace. (4) If you expect the skill to handle sending itself, require a version that implements Feishu API calls and documents credential handling. (5) If unsure, treat this as untrusted automation and do not run watch mode unattended.
Like a lobster shell, security has layers — review code before you run it.
