create-feishu-agent Skill

Type: OpenClaw Skill Name: create-feishu-agent-skill Version: 1.0.0 The `create-feishu-agent.sh` script is vulnerable to shell injection and path traversal due to direct interpolation of user-provided arguments (`agent_name`, `display_name`) into shell commands (`mkdir -p`, `sed`). If these inputs are not sanitized by the OpenClaw agent or the user, an attacker could create files/directories outside the intended workspace or execute arbitrary commands. Additionally, the script stores the `app_secret` in plain text within `~/.openclaw/openclaw.json`, posing a sensitive data at rest risk. These are significant vulnerabilities, but there is no clear evidence of intentional malicious behavior like data exfiltration or backdoor installation.