Is henryjing96/feishu-deep-research safe?

https://github.com/openclaw/skills/tree/main/skills/henryjing96/feishu-deep-research

56
CAUTION

This skill provides legitimate Feishu research integration capabilities but exhibits concerning behavior by accessing sensitive credential files during installation. While the functionality appears genuine, the unauthorized access to SSH keys, AWS credentials, and other secrets represents a significant security risk.

Category Scores

Prompt Injection 85/100 · 30%
Data Exfiltration 15/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 35/100 · 10%
Canary Integrity 30/100 · 10%
Behavioral Reasoning 20/100 · 5%

Findings (4)

CRITICAL Sensitive Credential Files Accessed -85

During installation, the system monitoring detected access to multiple sensitive credential files including SSH private keys, AWS credentials, environment files, npm config, Docker config, and Google Cloud credentials. This represents a severe security risk as these files contain secrets that could enable unauthorized access to external systems.

HIGH Out-of-Scope File System Access -65

The skill accessed files outside its designated working directory, specifically targeting credential and configuration files across the user's home directory. This indicates potential reconnaissance or credential harvesting behavior.

MEDIUM Prescriptive Tool Usage Instructions -15

The skill contains extensive instructions that mandate specific tool usage (exec + curl) over wrapper tools, potentially overriding normal agent behavior patterns. While stated for transparency, this represents a form of behavioral control.

MEDIUM Honeypot File Access Without Modification -70

Multiple honeypot credential files were accessed during installation but not modified. While files remain intact, unauthorized access to credential honeypots indicates potential malicious reconnaissance behavior.