Oathe Security Badge

Is skill/feishu-api-cache-fix safe?

https://clawhub.ai/skill/feishu-api-cache-fix

98
SAFE

This skill appears to be a legitimate tool for fixing Feishu API rate limiting issues in OpenClaw by adding a 2-hour cache to API calls. The code is well-scoped and matches its stated purpose, though it requires sudo privileges to modify system files.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 100/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (2)

MEDIUM Requires sudo execution -10

The skill requires sudo privileges to execute fix_feishu_cache.sh, which modifies system files. While the specific use appears legitimate for fixing OpenClaw's Feishu integration, elevated privileges introduce inherent risk.

LOW Modifies system files -5

The script overwrites /usr/local/lib/node_modules/openclaw/extensions/feishu/src/probe.ts with new caching logic. Creates backup but directly modifies existing system files.