Low risk: risk score 25/100
Last scan: 1 day ago
feishu-bot-manager
Feishu multi-account bot configuration management skill - Adds Feishu bot accounts and routing bindings to openclaw config
This is a legitimate Feishu bot configuration management skill that reads/writes local openclaw config files and executes documented openclaw CLI commands for gateway restart. No data exfiltration, credential theft, or obfuscation detected.
Skill name: feishu-bot-manager
Analysis time: 39.4s
Engine: pi
Verdict: safe to install
Accept for use. However, be aware that the skill stores appId/appSecret in plaintext in openclaw.json and requires shell:WRITE permission for gateway restart. These are declared in SKILL.md and are functionally necessary.

Security findings: 2

Severity: Low
Finding: Undeclared shell:WRITE permission (category: privilege escalation)
Location: index.js:144
Details: SKILL.md does not document the shell:WRITE permission required for execSync calls that run 'openclaw gateway restart' and 'openclaw config set'. While the shell commands are legitimate for the skill's purpose, the permission should be declared.
Evidence: execSync('openclaw config set session.dmScope "per-account-channel-peer"', { stdio: 'pipe' });
→ Recommendation: Add shell:WRITE to the skill's declared capabilities in SKILL.md

Severity: Low
Finding: Credentials stored in plaintext config (category: credential theft)
Location: index.js:119
Details: appSecret values are stored in plaintext in ~/.openclaw/openclaw.json after being passed as CLI arguments. No encryption or masking is applied. This is consistent with openclaw's native config format, but the skill accepts secrets via process.argv, which can leak into shell history.
Evidence: appSecret: appsecret
→ Recommendation: Consider reading credentials from environment variables or prompting interactively instead of CLI args to avoid shell history exposure
Resource type          | Declared permission | Inferred permission | Status       | Evidence
Filesystem             | READ+WRITE          | READ+WRITE          | ✓ consistent | index.js:28-29 reads ~/.openclaw/openclaw.json; index.js:71 writes it
Command execution      | NONE                | WRITE               | ✓ consistent | index.js:144 execSync('openclaw config set session.dmScope ...'); index.js:148 e…
Network access         | NONE                | NONE                |              | No network calls found in any file
Environment variables  | NONE                | READ                | ✓ consistent | index.js:27 uses process.env.HOME for config path — necessary and benign

Directory structure

4 files · 12.9 KB · 472 lines
JavaScript: 2 files · 320 lines; Markdown: 1 file · 139 lines; JSON: 1 file · 13 lines
├─ 📁 lib
│ └─ 📜 validator.js JavaScript 68L · 1.4 KB
├─ 📜 index.js JavaScript 252L · 7.4 KB
├─ 📋 package.json JSON 13L · 275 B
└─ 📝 SKILL.md Markdown 139L · 3.8 KB

Dependency analysis: 1 item

Package  | Version | Source | Known vulnerabilities | Notes
readline | ^1.3.0  | npm    |                       | Node.js built-in module, re-exported as dependency

Security highlights

✓ All code is in plain, readable JavaScript — no obfuscation detected
✓ No base64-encoded commands, no reverse shells, no C2 communication
✓ No hidden functionality — implementation matches SKILL.md purpose
✓ Automatic backup creation before config modification
✓ Input validation via regex for App ID, Chat ID, Account ID formats
✓ Graceful error handling with fallback messages when openclaw commands fail
✓ Credentials are written only to local config file — not exfiltrated anywhere
✓ No malicious dependencies — package.json has only 'readline' with pinned version