Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Custom Gift Leewow
v1.0.24
Help users quickly find desirable customizable products, turn images or ideas into gifts, and get highly flexible personalized customization services. Browse...
⭐ 0 · 172 · 0 current · 0 all-time
by @yqxu
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw)
Verdict: Suspicious (medium confidence)
Purpose & Capability
The functionality (browse templates, upload images, generate previews, send Feishu cards) matches the skill name and description. However, the registry metadata claims no required env vars or binaries, while SKILL.md and the bundled code require CLAW_SK, FEISHU_APP_ID / FEISHU_APP_SECRET, FEISHU_RECEIVE_ID, the Python packages requests and qcloud_cos (cos-python-sdk-v5), and specific workspace paths. The listing therefore understates what the skill actually needs, which is an inconsistency.
Instruction Scope
Runtime instructions and the bundled scripts read ~/.openclaw/.env, expect user images in ~/.openclaw/workspace, write preview and cache files, upload images to Feishu, fetch STS credentials from the Leewow API, and send messages directly to Feishu. Loading an entire .env file and accepting many env-driven parameters is broader than a single request needs: the skill ends up with access to every value in the user's local environment, not only the ones it uses.
Install Mechanism
No install spec (instruction-only) reduces installation risk, and there are no external download URLs, but the package ships Python scripts that import third-party packages (qcloud_cos / cos-python-sdk-v5, requests). Those dependencies are not declared in the registry metadata or manifest, which can lead to runtime failures or to users installing them ad hoc from unvetted sources.
Credentials
The skill legitimately needs CLAW_SK and the Feishu credentials to call the Leewow and Feishu APIs. However, the code automatically loads the whole of ~/.openclaw/.env into the process environment, without restricting which keys it reads, and then copies the entire environment into subprocesses. Any unrelated secret that lives in that file or in the user's environment is therefore present in the child processes as well, which increases the risk of accidental exposure. The registry metadata also fails to declare these required secrets, which is misleading.
Persistence & Privilege
The skill writes files under ~/.openclaw (workspace, previews, cache, deferred batch JSON files). It does not request platform-wide privileges or set always:true, but spawning background subprocesses with a full copy of the environment (secrets included) and writing persistent caches are noteworthy privileges that enlarge the blast radius if the skill runs in a shared environment.
What to consider before installing
This skill appears to implement the advertised features (browsing templates, uploading images, generating previews, sending Feishu messages), but pay attention before installing it or providing secrets:
1) You will need to supply CLAW_SK and Feishu app credentials (FEISHU_APP_ID / FEISHU_APP_SECRET). These are powerful secrets; only provide them if you trust the skill and its operator.
2) The skill automatically loads ~/.openclaw/.env into its process environment and copies the whole environment into spawned subprocesses. Remove any unrelated secrets from that file, or run the skill in an isolated environment (throwaway account, VM or container) to avoid accidental exposure.
3) The package expects Python dependencies (requests, qcloud_cos / cos-python-sdk-v5) that are not declared in the registry metadata; install vetted packages from official sources only.
4) It writes files under ~/.openclaw (workspace, previews, cache); review those files and their permissions if local persistence matters to you.
5) If you need higher assurance, review the included scripts (they are provided) or run them in an isolated sandbox before granting real credentials.
Like a lobster shell, security has layers — review code before you run it.
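The Credentials, Persistence & Privilege and "What to consider" findings above all come down to one pattern: every key in ~/.openclaw/.env is read, and the whole environment is then handed to child processes. The following is an added example, not code from the Custom Gift Leewow skill or from ClawHub, showing that flagged pattern beside a narrower one: read only an allow-list of keys, give a subprocess just those keys plus PATH, and refuse a .env file that is group- or world-readable. The variable names and the ~/.openclaw/.env path come from the scan report; the sample .env content, the helper names and the child command are constructed for the demonstration.

```python
"""Added example, not part of the Custom Gift Leewow skill or of ClawHub.

Contrasts the pattern the scan flagged (every key in ~/.openclaw/.env loaded,
then the whole environment copied into a subprocess) with a narrower loader.
Variable names and the .env path follow the scan report; the sample file
content, helper names and child command are constructed assumptions.
"""
import os
import stat
import subprocess
import sys
from pathlib import Path

# Keys the scan report says the skill actually needs; nothing else is read.
ALLOWED_KEYS = ("CLAW_SK", "FEISHU_APP_ID", "FEISHU_APP_SECRET", "FEISHU_RECEIVE_ID")
DOTENV_PATH = Path.home() / ".openclaw" / ".env"

# Constructed sample: the skill's own keys mixed with unrelated secrets.
SAMPLE_DOTENV = """\
# demo file, all values are placeholders
CLAW_SK=sk-demo-not-real
FEISHU_APP_ID=cli_demo
FEISHU_APP_SECRET="quoted demo secret"
FEISHU_RECEIVE_ID=ou_demo
export AWS_SECRET_ACCESS_KEY=unrelated-aws-secret
GITHUB_TOKEN=unrelated-github-token
"""


def parse_dotenv(text):
    """Minimal KEY=VALUE parser: skips comments and blank lines, strips a
    leading 'export ' and matching surrounding quotes. Returns every key."""
    out = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        if line.startswith("export "):
            line = line[len("export "):]
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        out[key] = value
    return out


def broad_load(text):
    """The flagged pattern: everything in the file becomes skill environment."""
    return parse_dotenv(text)


def narrow_load(text, allowed=ALLOWED_KEYS):
    """Return only allow-listed keys and fail loudly if one is missing, so
    unrelated entries in the file never reach the process or its children."""
    found = parse_dotenv(text)
    missing = [k for k in allowed if k not in found]
    if missing:
        raise KeyError("missing required keys: %s" % ", ".join(missing))
    return {k: found[k] for k in allowed}


def child_env(secrets):
    """Environment for a subprocess: PATH plus the skill's own secrets only,
    instead of a copy of os.environ."""
    env = {"PATH": os.environ.get("PATH", "/usr/bin:/bin")}
    env.update(secrets)
    return env


def leaky_env(text):
    """The flagged pattern: parent environment plus every key in the file."""
    return dict(os.environ, **broad_load(text))


def visible_in_child(env):
    """Spawn a child with exactly `env` and return the variable names it sees."""
    code = "import os; print('\\n'.join(sorted(os.environ)))"
    proc = subprocess.run([sys.executable, "-c", code], env=env,
                          capture_output=True, text=True, check=True)
    return set(proc.stdout.split())


def mode_is_private(mode):
    """True if a file mode grants no group/other permissions (e.g. 0o600)."""
    return (mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0


def load_secrets_from_file(path=DOTENV_PATH, allowed=ALLOWED_KEYS):
    """Read the real .env with the narrow loader, refusing a shared-readable file."""
    if not mode_is_private(path.stat().st_mode):
        raise PermissionError("%s is readable by group/other; chmod 600 it" % path)
    return narrow_load(path.read_text(), allowed)


if __name__ == "__main__":
    narrow = narrow_load(SAMPLE_DOTENV)
    print("narrow loader read:", sorted(narrow))
    print("child sees:", sorted(visible_in_child(child_env(narrow))))
    print("GITHUB_TOKEN leaks to child under the flagged pattern:",
          "GITHUB_TOKEN" in visible_in_child(leaky_env(SAMPLE_DOTENV)))
```

Running the script shows the difference directly: the child spawned with child_env() sees PATH and the four skill keys, while the child spawned with leaky_env() inherits GITHUB_TOKEN and AWS_SECRET_ACCESS_KEY from the sample file even though the skill never uses them. The allow-list is the part worth copying into any skill that reads a shared dotenv file; the mode check covers consideration 4 above.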
latest: vk97c2h5qw35fbfnd2d1nv2scvx84323g
