Security Scan
OpenClaw
Suspicious
Medium confidence: The skill's behavior mostly matches its description (it edits ~/.openclaw/openclaw.json, backs up, sets dmScope and restarts the gateway), but there are several mismatches and sloppy/odd items that warrant caution before installing.
Assessment recommendations
What to consider before installing/using this skill:
- The skill will read and overwrite your OpenClaw configuration at ~/.openclaw/openclaw.json and restart the OpenClaw gateway. Back up that file before running the tool.
- You will need to provide Feishu App ID and App Secret; those secrets will be written into openclaw.json in plaintext. Make sure you are comfortable storing them there.
- The code calls the 'openclaw' CLI but the skill metadata does not declare that binary as required — ensur...
⚠ Purpose and capabilities
The skill is described as a Feishu bot/agent binder and the code implements that by editing ~/.openclaw/openclaw.json and restarting the OpenClaw gateway — that is consistent. However the package metadata/registry claims no required binaries while the code calls the 'openclaw' CLI (openclaw config set ... and openclaw gateway restart). The skill should have declared 'openclaw' as a required binary. Also package.json lists an external dependency 'readline' (unnecessary because Node provides a builtin 'readline'), which is odd and could pull an unrelated npm package if someone runs npm install.
ℹ Instruction scope
SKILL.md describes interactive and CLI flows to add App ID/App Secret and configure routing; index.js implements those flows and performs the stated steps (backup, modify channels.feishu.accounts, add bindings, set session.dmScope, restart gateway). A minor logic/validation mismatch exists: lib/validator.js flags missing binding.match.peer.id even for account-level bindings (this will cause false validation errors for legitimate account-level bindings). The skill does write App Secret into openclaw.json (expected for service credentials) and uses HOME to locate the config.
ℹ Installation mechanism
There is no install spec (instruction-only is lower risk). However the repository includes a package.json that declares an external dependency ('readline') which is unnecessary and suspiciously sloppy — if a user runs npm install in this package it could fetch a third-party package. No remote downloads or extract steps are present in the skill itself.
✓ Credential requirements
The skill does not request additional environment credentials. It expects to read/write the user's OpenClaw config at ~/.openclaw/openclaw.json (uses process.env.HOME) and requires the user to supply Feishu App ID and App Secret, which is proportionate for adding a bot account. It stores appSecret in the config file in plaintext (typical but sensitive).
✓ Persistence and permissions
The skill is not always-enabled and does not request platform-level persistent privileges. It will create backups and modify the user's OpenClaw configuration and restart the gateway — actions that are necessary for its function but also have real impact. This modification of a system config file is within the skill's claimed scope.
⚠ index.js:169
Shell command execution detected (child_process).
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Install command
Official: npx clawhub@latest install guantou-feishu-bot-connector
Mirror (accelerated): npx clawhub@latest install guantou-feishu-bot-connector --registry https://cn.longxiaskill.com