The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The skill's README and installation instructions promote the use of 'zsh <(curl ...)' to execute an installation script from an untrusted GitHub repository (Larkin0302), a dangerous pattern that allows unverified remote code to run with user privileges.
[COMMAND_EXECUTION]: The skill definition in SKILL.md explicitly instructs the agent to use the 'exec' tool to perform shell operations, such as writing configuration data to the /tmp directory and executing Python scripts, enabling arbitrary command execution on the host system.
[CREDENTIALS_UNSAFE]: The installation script and the API utility script (feishu_common.py) read and write sensitive Feishu App ID and App Secret credentials directly within the local OpenClaw configuration file (~/.openclaw/openclaw.json).
[CREDENTIALS_UNSAFE]: The create_bitable_template.py script contains hardcoded administrative identifiers, including a mobile phone number ('18834523581') and a Feishu Open ID ('ou_36479cbaab14f4cdb9a2ef095de386c1'), which are used for permission management and represent sensitive information.
[PROMPT_INJECTION]: The skill uses strong override language ('最高优先级指令') and strict behavioral constraints ('禁止向用户提问', '禁止自己写内容') that attempt to bypass the agent's default safety guidelines and interaction logic.
[EXTERNAL_DOWNLOADS]: The install.sh script automatically fetches and installs third-party Python dependencies (requests) and Node.js plugins from public registries without verifying package integrity or pinning to specific versions.
[PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface by processing untrusted user business descriptions to generate Bitable templates. Ingestion points: User requirements in SKILL.md Phase 1. Boundary markers: Absent. Capability inventory: 'exec' tool usage in SKILL.md for shell execution. Sanitization: Absent.

feishu-bitable