Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
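Feishu Group Message Recall
v1.0.0
Recall Feishu group messages. Recalls messages in Feishu group chats or direct chats as the user. Group owners/administrators can recall any member's messages; ordinary members can only recall their own messages. Supports single-message recall, batch recall, and recall by time range. Trigger words: 撤回消息 ("recall message"), recall message, 删除群消息 ("delete group message"), recall, 撤回 ("recall").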
by koen@tz826
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The described purpose (recall/delete Feishu messages) matches the runtime actions (get_messages + delete). However the SKILL.md explicitly requires a user's OAuth token and the im:message scope, but the skill metadata lists no required credentials or primaryEnv. That mismatch is unexplained and disproportionate.
Instruction Scope
Instructions stay within the stated task (single, batch, time-range deletes) and do not ask to read unrelated files or external endpoints. However they permit bulk deletion across time ranges and instruct iterating through messages to delete — a legitimate capability but with high abuse potential if misused or if admin privileges are granted broadly.
Install Mechanism
No install spec or code files are present; this is instruction-only so nothing is written to disk. Low install risk.
Credentials
The runtime text requires a user OAuth token and the im:message scope, but the skill declares no required environment variables, secrets, or primary credential. That omission is a meaningful inconsistency: deleting user messages requires sensitive credentials but none are declared.
Persistence & Privilege
always is false and there is no install or persistent configuration. The skill does not request permanent presence or modify other skills; standard autonomous invocation applies.
What to consider before installing
This skill's behavior (deleting Feishu messages) requires a user's OAuth token and the im:message permission, but the published metadata does not declare any required credentials — that's an incoherence you should not ignore. Before installing or using it:
1) confirm the skill's source and trustworthiness (there's no homepage or known owner contact);
2) require the publisher to declare which credential the agent will use (e.g., a named primaryEnv like FEISHU_OAUTH_TOKEN) and limit scope to the minimum;
3) verify whether the app would get admin privileges in group chats (admins can delete other users' messages) and avoid granting such rights unless necessary;
4) ask how rate/volume and time-range deletes are constrained to prevent accidental or malicious mass-deletion;
5) prefer using a vetted official integration or a skill that clearly documents required tokens and permission handling.
If the publisher cannot justify the missing credential declarations and provenance, treat the skill as risky and avoid installation.
Like a lobster shell, security has layers — review code before you run it.
