Message Tracker
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill mostly matches its Feishu message-tracking purpose, but its hook builds Python source code from message arguments, and it fetches Feishu data with local app credentials and stores it persistently.
Install only if you intentionally want a background Feishu message indexer. Before enabling it, fix the tracker-hook.sh argument-handling issue, verify Feishu credential scopes, restrict daemon socket access, and understand where collected messages are stored and how to purge them.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or malformed message ID or batch argument reaching this hook could execute local code with the tracker's privileges, especially if the daemon/hook is run as root.
The hook constructs Python source code by directly interpolating shell variables for message content, message IDs, and batch arguments instead of passing them as data. Values containing Python string/list delimiters could alter the generated script.
content_json=$(python3 -c "... 'content': '''${content}'''[:500] ...") ... args = ["${msg_id}"] ... "args": [${msg_ids}]
Do not enable the hook until it passes values through argv, stdin, or a safely encoded JSON file, uses quoted here-documents, and validates message IDs before invoking Python.
The skill can access Feishu messages available to the configured app credentials, so installing it grants the tracker meaningful account/workspace access.
The tracker reads the local OpenClaw Feishu app ID and secret and exchanges them for a Feishu tenant access token. That is expected for a Feishu tracker, but the registry metadata declares no credentials or required config paths.
config_path = Path("/root/.openclaw/openclaw.json") ... app_secret = account.get("appSecret") ... /auth/v3/tenant_access_token/internal
Confirm the Feishu app permissions are limited to the intended channels/messages, and update metadata/docs to declare the credential/config dependency clearly.
Feishu messages and summaries may remain searchable or retained longer than users expect, including permanent daily records.
The skill stores Feishu message data, archives, daily records, and indexes in persistent OpenClaw memory paths. This is aligned with message search/history, but it means private chat content may persist and be reused.
workspace/memory/messages/... Layer 1 (7 days) ... workspace/memory/archive/... Layer 2 (90 days) ... workspace/memory/daily/... Layer 3 (permanent) ... workspace/memory/index/message-index.json
Limit tracked channels, protect the OpenClaw workspace, verify actual storage paths before deletion, and provide clear purge/retention controls for users.
Message tracking can continue in the background until the daemon is stopped, and local processes may interact with the daemon socket if permissions allow.
The skill intentionally supports a long-running daemon with a Unix socket and watchdog behavior. This is disclosed and purpose-aligned, but users should notice that it continues operating after startup.
daemon ... receives requests over a Unix socket (/run/track-daemon.sock) ... a watchdog thread checks the main thread's responsiveness every 30 seconds
Run the daemon only when needed, use the documented stop/status commands, and restrict the socket and PID/lock files to trusted local users.
