Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Feishu Reading Notes
v1.0.0
Reading-notes management tool. Activated when the user sends an article link and says "阅读笔记" (reading notes). Supports fetching articles from WeChat Official Accounts, Weibo, Xueqiu, Bilibili and other platforms. Automatically files them into categories in Feishu Drive and generates reading notes in Markdown format.
Trigger conditions:
- Send an article link + "阅读笔记" ("reading notes")
- "帮我记一下这篇文章" ("Take notes on this article for me")
- "保存这篇文章" ("Save this article")
⭐ 0 · 65 · 0 current · 0 all-time
by @yxc168
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to fetch articles and save Markdown notes to Feishu — the Feishu folder tokens and API calls in SKILL.md are consistent with that purpose. However, instead of declaring credentials as required env vars, the SKILL.md contains hardcoded app_id/app_secret and many folder tokens, which is unexpected and poor practice even if functional.
Instruction Scope
The instructions tell the agent to: open a browser and evaluate page JS to scrape content (reasonable), write files under ~/.openclaw/workspace, create Feishu folders and upload files via the Feishu API (reasonable for the task), and explicitly update SKILL.md itself and a local index file when adding categories. Self-modifying the SKILL.md file and creating/updating files in the user's home directory broaden the scope and raise persistence/taint concerns.
Install Mechanism
This is an instruction-only skill with no install spec and no code files; that lowers install-time risk because nothing new is written to disk by an installer. The runtime still performs file writes and network calls.
Credentials
No required env vars are declared, yet the SKILL.md embeds an app_id and app_secret and multiple folder tokens. Requesting no credentials while shipping hardcoded credentials is inconsistent and problematic: credentials embedded in the instructions may belong to a third party, grant broad access to a Feishu drive, or be stale/compromised. The skill also instructs writing to and reading from ~/.openclaw/workspace, which gives it access to user files in that path.
Persistence & Privilege
The manifest's always flag is false and the skill is not forced-included. However, the runtime writes persistent files (saved notes and reading-notes-links.md) into the user's home workspace and instructs updating SKILL.md itself. That creates persistent state on the host and gives the skill ongoing local artifacts — acceptable for a notes tool but worth caution because SKILL.md modification can change future behavior.
What to consider before installing
Before installing or running this skill, consider:
1) The SKILL.md contains a hardcoded Feishu app_id and app_secret and many folder tokens — these are sensitive. Ask the publisher to remove the embedded credentials, require you to supply your own Feishu app credentials via env vars, and document the required API scopes.
2) The skill will write files under ~/.openclaw/workspace and update a local reading-notes-links.md; review and sandbox those writes first.
3) The instructions explicitly say to update SKILL.md itself — self-modification can change future behavior; avoid installing unless you trust the source or the SKILL.md is converted to a read-only policy.
4) Verify which Feishu folder(s) the skill will use and whether those folders belong to you; if you must use it, create a dedicated Feishu app/client with minimal drive scopes and rotate/revoke any unknown app_secret found in the file.
5) If unsure, run the skill in an isolated environment and monitor network calls (to open.feishu.cn and other endpoints) and filesystem changes.
If the publisher cannot explain why credentials are embedded and why SKILL.md must be modified, treat the skill as risky.
Tags: feishu, latest, notes, reading