The Agent Skills Directory

[DATA_EXFILTRATION]: The skill accesses sensitive local file paths to retrieve Feishu API credentials. Specifically, scripts/extract_chat.py reads ~/.openclaw/agents/main/agent/feishu-app-token.txt and scripts/monitor_external_aj.py reads ~/.openclaw/.env to fetch FEISHU_APP_ID and FEISHU_APP_SECRET.- [COMMAND_EXECUTION]: The script scripts/monitor_wulao.py uses subprocess.run to execute other scripts within the skill. While currently using hardcoded arguments, spawning subprocesses is a risky capability that should be monitored.- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface by ingesting untrusted chat data from Feishu (ingestion points: scripts/extract_chat.py and scripts/monitor_*.py). It lacks boundary markers or sanitization to prevent the agent from obeying instructions embedded in chat messages. When combined with capabilities like file writing in scripts/monitor_with_intimacy.py and command execution in scripts/monitor_wulao.py, this poses a low-level risk of indirect influence on the agent's behavior.- [COMMAND_EXECUTION]: Multiple scripts use sys.path.insert with hardcoded absolute user paths (e.g., /Users/delta/.openclaw/...) to dynamically load local modules. This makes the skill environment-dependent and involves dynamic path manipulation which is an unsafe coding practice.

feishu-chat-extractor