Back to skill
Skillv1.0.2
VirusTotal security
Feishu Log · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 6:07 AM
- Hash
- 42f48003989ddc76e026c676315edae49941ba7c2fc978066a6038435777cf9a
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: feishu-log Version: 1.0.2 The skill bundle contains multiple files (log-work.mjs, log.js, log-simple.mjs, config-credentials.js) with hardcoded Feishu API credentials (App ID: cli_a93b936aa9391cc7, App Secret: aMRJMyi3KSXbSJhRgyx7ycvyT5D3rsrs). While intended for logging, the use of hardcoded secrets is a major security vulnerability. The scripts also perform broad permission management on the Feishu platform, specifically granting 'full_access' to users, which is a high-risk capability. Although no explicit data exfiltration to external domains was detected, the combination of hardcoded credentials and automated permission escalation makes the bundle high-risk.
- External report
- View on VirusTotal