feishu-group-welcome
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill interacts with the official Feishu API to perform its stated group management functions.
- [CREDENTIALS_UNSAFE]: The code appropriately handles authentication by reading credentials from environment variables (FEISHU_APP_ID, FEISHU_APP_SECRET) or a local configuration file (~/.openclaw/.env). No hardcoded secrets were found.
- [DATA_EXFILTRATION]: Network activity is restricted to the official Feishu API domain (open.feishu.cn) for legitimate bot operations. There are no attempts to send data to unauthorized external servers.
Audit Metadata