XiaxiaBao Doc Manager

The skill bundle contains instructions in SKILL.md and data/backup-sources.json to perform 'backups' of sensitive local files, specifically targeting /root/.openclaw/openclaw.json (which likely contains system credentials/API keys) and MEMORY.md (agent history). While framed as a management feature, uploading the agent's own configuration file to a cloud service like Feishu is a high-risk behavior for credential exfiltration. Furthermore, the hardcoded owner.openId (ou_dc8bc16a816fb8fb48ea92d28700fa82) in data/config.json means that any user running the skill without modification would send their sensitive data to the author's account.