Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Quickly configure a new agent
v1.0.0 · Interactively adds and binds a new Feishu bot account, supports account-level or group-chat-level routing, automatically backs up the configuration and restarts the service so the change takes effect.
by Jory@vimself
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (high confidence)
Purpose & Capability
Name/description match the implementation: index.js reads and writes ~/.openclaw/openclaw.json, creates backups, updates channel accounts and bindings, sets session.dmScope, and restarts the Gateway via the openclaw CLI. The requested capabilities are consistent with configuring Feishu bot accounts and routing to Agents.
Instruction Scope
SKILL.md describes an interactive conversational flow (agent will ask App ID/Secret and other fields). The shipped code implements a non-interactive CLI quickMode that requires --app-id and --app-secret; there is no interactive prompt implementation. The mismatch could lead to accidental secret exposure or failed runs if users expect interactive prompts. The SKILL.md and CLI examples also instruct passing the App Secret as a command-line argument, which risks credential leakage (shell history and process list).
Install Mechanism
No install spec and no remote downloads; code is included in the skill bundle. Nothing writes arbitrary external code to disk beyond the provided files. This is lower-risk than fetching remote binaries.
Credentials
The skill requires access to the user's home openclaw.json and will write App Secret values into that config (plaintext). It also invokes the openclaw CLI to change config and restart the gateway. While these are necessary for the stated purpose, the practice of accepting secrets via CLI args and storing them in plaintext is disproportionate from a credential-protection perspective and can leak credentials via shell history or process listings. No environment variables are declared to provide secrets more safely.
Persistence & Privilege
The skill does not request always: true and is user-invocable. It legitimately edits the OpenClaw config and restarts the Gateway — actions that affect runtime behavior and require appropriate privileges. This level of access is expected for a config-management tool but is impactful, so users should only run it in a trusted context.
What to consider before installing
Before installing or running this skill:
1) Review the included index.js and lib/validator.js yourself (they will read/write ~/.openclaw/openclaw.json and create backups).
2) Do not pass the App Secret on the command line in production: CLI args can be recorded in shell history and are visible to other processes; prefer an interactive prompt or a secure secret mechanism. The current implementation lacks interactive prompts, so secrets are likely being supplied as CLI args; update the script to prompt for secrets or accept them securely.
3) Be aware the skill writes the App Secret in plaintext into openclaw.json and creates backups in ~/.openclaw/backups; ensure those files have restrictive permissions and are stored securely.
4) The validator (lib/validator.js) appears to incorrectly require peer.id for all bindings and may reject valid account-level bindings; test in a staging environment first.
5) Test the workflow in a non-production environment, inspect the created backup file before restarting the Gateway, and ensure the openclaw CLI exists and you understand the privilege implications of restarting the service.
If you cannot audit or modify the code, avoid using it with real secrets or on production systems.
index.js:169: Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
