Skill v1.0.2

ClawScan security

Feishu Log · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 13, 2026, 9:22 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill largely does what it claims (write structured logs to Feishu) but contains several inconsistencies and risky practices (undeclared required credentials, hard-coded default credentials, and reading/writing OpenClaw config files) that warrant caution before installing.
Guidance
What you should check before installing or using this skill:
- Expectation vs reality: the skill's metadata says no env vars are required, but the code and SKILL.md require FEISHU_APP_ID and FEISHU_APP_SECRET (and a DEFAULT_OWNER_ID). Don't rely on the registry metadata alone.
- Credentials in code: several source files include hard-coded default app_id, app_secret and folder tokens. Treat these as suspicious; they may be placeholders, but you should not use them. Replace them with credentials from an app you control.
- Tenant-level token: the skill uses tenant_access_token (an app-level credential), which can access and modify Drive/docs across the tenant. Give the app minimal scopes and use a dedicated Feishu app with only the permissions it needs.
- Persistent writes: the skill will read and write files under ~/.openclaw (e.g. .env, feishu-credentials.json, openclaw.json). Review and back up those files before running; inspect any saved credential files and consider encrypting them or restricting their file permissions.
- Permission actions: it will add the configured user as a full_access collaborator on created folders. Make sure you understand and accept that behavior.
- Recommended mitigations: run the code in a sandbox or test account first; create a dedicated Feishu app with minimal permissions and use its credentials; remove any hard-coded secrets from the code; verify the skill only uses expected API endpoints; and review the files it will create or modify under your home directory.
- If you are unsure: do not run with organization-level or production credentials until you or your security team have audited the code and replaced hard-coded values with credentials you control.

Review Dimensions

Purpose & Capability
concern
The skill's stated purpose (write structured logs to Feishu) matches the code. However, the registry metadata declares no required environment variables, while SKILL.md and the code clearly require FEISHU_APP_ID, FEISHU_APP_SECRET and a DEFAULT_OWNER_ID (or equivalent config files). The code also contains built-in default app_id/app_secret and folder tokens, which are unexpected in a published skill and may indicate leaked or placeholder credentials. Requiring tenant-level app credentials (tenant_access_token) is coherent for this integration, but the metadata omission and the hard-coded defaults are inconsistent.
Instruction Scope
concern
SKILL.md describes using tenant_access_token and creating folders/docs, which is consistent with the code. But the runtime instructions and code do more: they read and write files under the user's home (~/.openclaw/workspace/.env, ~/.openclaw/feishu-credentials.json, ~/.openclaw/openclaw.json), offer an interactive credential configurator, and indicate that users are automatically added as full_access collaborators. Reading the global OpenClaw config to pull credentials and writing persistent credential files expands the scope beyond ephemeral API calls and should be reviewed by the user.
Install Mechanism
ok
There is no remote install step; this is instructions plus local code only. No external download URLs or extract steps are present. That lowers supply-chain risk compared to remote installers.
Credentials
concern
The skill legitimately needs Feishu app credentials (app_id/app_secret) to obtain a tenant_access_token. However: (1) the registry metadata claims no required env vars, while SKILL.md and the code require them; (2) multiple files contain hard-coded default app_id/app_secret and folder tokens (placeholders or real), and storing credentials in source is risky; (3) the skill requests tenant-level capability (drive/docx and permission management), which grants broad access to the organization's files. Together these factors increase the blast radius if the credentials are misused.
Persistence & Privilege
note
The skill does not set always:true and does not request elevated agent privileges. However, it persists credentials/config to the user's home (~/.openclaw/...), and will add users as collaborators with full_access on created folders. Persisting app secrets to disk and modifying the OpenClaw config are permanent actions the user should explicitly consent to.
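The pre-install checks recommended under Guidance, and the Credentials and Persistence & Privilege findings above, as an added example that is not part of ClawHub's scanner or the Feishu Log skill: a local audit script that scans a skill directory for hard-coded credential values (including defaults passed to os.environ.get), lists the API hosts the code contacts and flags any outside an allowlist, lists the paths under the home directory the code mentions, and checks that a persisted credential file is owner-only. The two sample files it scans are constructed for this example; their credential values, folder token, hostnames and paths are made up, and the allowlist of API hosts, the placeholder markers and the set of key names treated as secrets are assumptions.

```python
import os
import re
import stat
import tempfile
from pathlib import Path

# Assumption: Feishu/Lark public API hosts; anything else is flagged for review.
ALLOWED_API_HOSTS = {"open.feishu.cn", "open.larksuite.com"}

# Key names (matched by suffix, case-insensitive) whose literal values should
# never appear in skill source.
SECRET_KEY_SUFFIXES = ("app_id", "app_secret", "folder_token")

# key = "value", key: "value", "key": "value" (quotes around the key optional)
SECRET_RE = re.compile(
    r"['\"]?(?P<key>[A-Za-z_]*(?:app_id|app_secret|folder_token))['\"]?"
    r"\s*[:=]\s*['\"](?P<val>[^'\"]+)['\"]",
    re.IGNORECASE,
)
# os.environ.get("KEY", "default") / os.getenv("KEY", "default"): a hard-coded default credential.
DEFAULT_RE = re.compile(
    r"(?:environ\.get|getenv)\(\s*['\"](?P<key>\w+)['\"]\s*,\s*['\"](?P<val>[^'\"]+)['\"]\s*\)"
)
URL_RE = re.compile(r"https?://([A-Za-z0-9.\-]+)")
HOME_PATH_RE = re.compile(r"(?:~|\$HOME)/[A-Za-z0-9_./\-]+")
# Assumption: values containing these are documentation placeholders, not real secrets.
PLACEHOLDER_MARKERS = ("<", ">", "your", "xxx", "changeme", "${", "{{")


def is_placeholder(value):
    low = value.lower()
    return any(m in low for m in PLACEHOLDER_MARKERS)


def find_hardcoded_secrets(text):
    """Return (key, value) pairs for credential-like keys assigned a literal, non-placeholder value."""
    hits = []
    for m in SECRET_RE.finditer(text):
        if not is_placeholder(m.group("val")):
            hits.append((m.group("key"), m.group("val")))
    for m in DEFAULT_RE.finditer(text):
        key = m.group("key")
        if key.lower().endswith(SECRET_KEY_SUFFIXES) and not is_placeholder(m.group("val")):
            hits.append((key, m.group("val")))
    return hits


def find_api_hosts(text):
    """Return (host, allowed) for every URL host mentioned in the text."""
    return [(h, h in ALLOWED_API_HOSTS) for h in sorted(set(URL_RE.findall(text)))]


def find_home_paths(text):
    """Return the ~/... and $HOME/... paths the text mentions (files the skill may read or write)."""
    return sorted({p.rstrip(".") for p in HOME_PATH_RE.findall(text)})


def audit_skill_dir(root):
    """Walk a skill directory and aggregate findings, each tagged with its relative file name."""
    root = Path(root)
    report = {"secrets": [], "hosts": [], "home_paths": []}
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix not in {".py", ".js", ".ts", ".md", ".json", ".sh"}:
            continue
        text = path.read_text(errors="replace")
        rel = str(path.relative_to(root))
        report["secrets"] += [(rel, k, v) for k, v in find_hardcoded_secrets(text)]
        report["hosts"] += [(rel, h, ok) for h, ok in find_api_hosts(text)]
        report["home_paths"] += [(rel, p) for p in find_home_paths(text)]
    return report


def credential_file_is_private(path):
    """True if the file grants no group/other permission bits (mode 0600 or stricter)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return mode & (stat.S_IRWXG | stat.S_IRWXO) == 0


# Constructed sample standing in for a skill under review; every value below is made up.
SAMPLE_FILES = {
    "feishu_log.py": (
        "import os\n"
        'TOKEN_URL = "https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal"\n'
        'app_id = os.environ.get("FEISHU_APP_ID", "cli_demo12345678")\n'
        'app_secret = os.environ.get("FEISHU_APP_SECRET", "demo_secret_value")\n'
        'DEFAULT_FOLDER = {"folder_token": "fldcn_demo_token"}\n'
        'CRED_FILE = "~/.openclaw/feishu-credentials.json"\n'
    ),
    "SKILL.md": (
        'Set FEISHU_APP_ID="<your app id>" and FEISHU_APP_SECRET="<your secret>" in '
        "~/.openclaw/workspace/.env. Config is read from ~/.openclaw/openclaw.json.\n"
        "Entries are mirrored to https://telemetry.example.invalid/ingest.\n"
    ),
}


def demo_audit():
    """Audit the constructed sample, then show the credential-file mode check before and after chmod."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "feishu-log"
        root.mkdir()
        for name, body in SAMPLE_FILES.items():
            (root / name).write_text(body)
        report = audit_skill_dir(root)
        cred = root / "feishu-credentials.json"  # stands in for ~/.openclaw/feishu-credentials.json
        cred.write_text("{}")
        cred.chmod(0o644)                        # world-readable, as a careless writer might leave it
        before = credential_file_is_private(cred)
        cred.chmod(0o600)
        after = credential_file_is_private(cred)
    return report, before, after


if __name__ == "__main__":
    rep, before, after = demo_audit()
    for rel, key, val in rep["secrets"]:
        print(f"hard-coded {key} in {rel}: {val}")
    for rel, host, ok in rep["hosts"]:
        print(f"{'ok    ' if ok else 'REVIEW'} {host} ({rel})")
    for rel, p in rep["home_paths"]:
        print(f"home path {p} ({rel})")
    print("credential file private before/after chmod 600:", before, after)
```

Run it against the real skill with `audit_skill_dir("/path/to/feishu-log")` instead of the constructed sample. Any host not on the allowlist, and any secret hit that is not a placeholder, is something to resolve before the skill runs with credentials you care about; the home-path list tells you which files to back up first. The mode check is the cheap half of "restrict file permissions": if a persisted credential file comes back world-readable, `chmod 600` it, and remember the scan only catches literal strings, so credentials assembled at runtime or pulled from openclaw.json still need a manual read of the code.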