Skill v1.0.10
VirusTotal security
Feishu Project(Meego) Connector - Bytedance Internal Version · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 5:40 AM
- Hash: f5d59700efb10fe08820d9965f8444952330d94b6a838125b89f6f8e23f705d6
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: feishu-project-connector-bytedance-internal. Version: 1.0.10. The skill facilitates a connection to Meego (Bytedance's internal project management tool) and requires the agent to manage sensitive OAuth credentials. The instructions in SKILL.md specifically direct the agent to read from and write to `~/.mcporter/credentials.json`, and in the 'Remote OAuth' flow, the agent is tasked with displaying configuration data and writing user-provided tokens to the filesystem. While the instructions include security constraints (e.g., requiring user confirmation and forbidding logging), the inherent capability of an AI agent to handle raw authentication secrets and execute shell commands via `npx @lark-project/meego-mcporter` presents a high-risk surface for potential token exfiltration or unauthorized access if the agent's logic is subverted.
