Scan Report
5 /100
agent-factory
创建新的 OpenClaw Agent 并自动配置飞书机器人
Agent factory skill creates OpenClaw agents with Feishu bot binding. All capabilities (shell, filesystem, network) are declared and necessary for the documented functionality. No malicious indicators detected.
Safe to install
No action required. Skill is safe to use as documented.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md: Uses openclaw CLI, clawhub, curl - all documented |
| Filesystem | WRITE | WRITE | ✓ Aligned | SKILL.md: Creates ~/.openclaw/workspace-{name}/ files |
| Network | READ | READ | ✓ Aligned | SKILL.md: Validates credentials via Feishu API https://open.feishu.cn |
1 findings
Medium External URL 外部 URL
https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal SKILL.md:36 File Tree
2 files · 18.6 KB · 657 lines Markdown 1f · 652L
JSON 1f · 5L
├─
_meta.json
JSON
└─
SKILL.md
Markdown
Security Positives
✓ All shell commands are documented platform tools (openclaw, clawhub)
✓ Network calls limited to Feishu API for credential validation
✓ Atomic file writes with backup demonstrate good security practice
✓ No credential exfiltration - appSecret stored only in local config
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ No base64/eval patterns or suspicious encoded payloads
✓ No external script downloads (curl|bash, wget|sh)