feishu-voice-sender

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFE | COMMAND_EXECUTION | DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes subprocess.run to call the ffmpeg system utility for converting audio files to the AMR format. The implementation uses a list of arguments rather than a shell string, which is a secure practice that prevents shell injection vulnerabilities.
  • [DATA_EXFILTRATION]: The skill accesses sensitive credentials (FEISHU_APP_ID and FEISHU_APP_SECRET) stored in a local configuration file at ~/.openclaw/.env. These credentials are sent to the official Feishu API endpoint (https://open.feishu.cn) to retrieve session tokens, which is the intended behavior for the skill's messaging functionality.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 15, 2026, 10:58 AM