Oathe Security Badge

Is 349840432m-dev/feishu-user-md safe?

https://clawhub.ai/349840432m-dev/feishu-user-md

96
SAFE

This skill is a legitimate task management utility that reads and parses markdown content from a local USER.md file to display formatted task lists in Feishu/Lark chat interface. The code only uses built-in Node.js modules for file reading and text processing, with no evidence of malicious behavior, prompt injection, or unauthorized data access.

Category Scores

Prompt Injection 98/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 90/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (2)

INFO Reads User Task Data -5

The skill reads from ~/.openclaw/workspace/USER.md which contains user task lists and schedules. This is the intended functionality but users should be aware the skill accesses their task data.

LOW Network Activity During Install -10

Standard network connections to package repositories during installation process, including DNS queries and HTTPS connections to clawhub.ai infrastructure.