Trust Assessment
feishu-calendar-manager received a trust score of 16/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 11 findings: 1 critical, 1 high, 9 medium, and 0 low severity. Key findings include sensitive environment variable access ($HOME), sensitive environment variable access ($USER), and an unpinned npm dependency version.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 41/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (11)
| Severity | Finding | Details | Layer | Location |
|---|---|---|---|---|
| CRITICAL | Suspicious `dotenv` dependency version indicates potential supply chain risk | The `package.json` specifies `dotenv: ^17.2.3` and `package-lock.json` specifies `dotenv: 17.2.4`. The latest public version of the `dotenv` package on npm is `16.x.x`. The use of a non-existent or significantly out-of-sync major version from the official npm registry suggests either a typosquatting attempt, a private/forked dependency that is not clearly indicated, or a misconfiguration. This poses a critical supply chain risk as an attacker could publish a malicious package under the `17.x.x` version range, which would then be installed. Update the `dotenv` dependency to a known, legitimate version (e.g., `^16.0.0`). If `dotenvx.com` (mentioned in `package-lock.json` funding) is an intended fork, ensure it's explicitly named or sourced from a private registry, and the implications are understood. Given the `resolved` URL points to `registry.npmjs.org`, this is highly suspicious and should be immediately investigated. | LLM | package.json:14 |
| HIGH | Shell command injection via unsanitized date arguments in bash scripts | The shell scripts `bin/create-event.sh` and `bin/list-events.sh` use user-provided arguments directly within `date -d "$VAR"`. If a malicious user provides input containing shell metacharacters (e.g., `"2026-02-10 14:00:00; rm -rf /"`), it could lead to arbitrary command execution on the host system. The `$START_TIME`, `$END_TIME`, and `$DATE_PARAM` variables are directly taken from script arguments without sanitization. Sanitize user input before passing it to `date -d`. A safer approach would be to strictly validate the input format using regex before passing it to `date`, or to pass the date string to a Node.js script that uses a robust date parsing library and avoids direct shell execution with untrusted input. For example, `date -d "$(printf %q "$START_TIME")"` might help, but it's generally better to avoid direct shell execution with user input for date parsing. | LLM | bin/create-event.sh:40 |
| MEDIUM | Sensitive environment variable access: $HOME | Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/sunnull/feishu-calendar-manager/bin/auto-setup.sh:7 |
| MEDIUM | Sensitive environment variable access: $HOME | Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/sunnull/feishu-calendar-manager/bin/create-event.sh:8 |
| MEDIUM | Sensitive environment variable access: $HOME | Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/sunnull/feishu-calendar-manager/bin/delete-event.sh:7 |
| MEDIUM | Sensitive environment variable access: $HOME | Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/sunnull/feishu-calendar-manager/bin/list-events.sh:8 |
| MEDIUM | Sensitive environment variable access: $HOME | Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/sunnull/feishu-calendar-manager/bin/setup.sh:7 |
| MEDIUM | Sensitive environment variable access: $USER | Access to sensitive environment variable '$USER' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/sunnull/feishu-calendar-manager/bin/setup.sh:45 |
| MEDIUM | Unpinned npm dependency version | Dependency 'dotenv' is not pinned to an exact version ('^17.2.3'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/sunnull/feishu-calendar-manager/package.json |
| MEDIUM | JSON injection via unsanitized user input in `curl` payload | The `bin/create-event.sh` script constructs a JSON payload for `curl -d` using user-provided arguments like `$SUMMARY` and `$DESCRIPTION`. If these arguments contain unescaped double quotes (`"`) or other JSON-breaking characters, it can lead to invalid JSON, API errors, or potentially manipulate the API request in unintended ways. This is an injection vulnerability that could lead to data manipulation or denial of service for the API call. Escape user-provided strings (`$SUMMARY`, `$DESCRIPTION`) before embedding them into the JSON payload. A common and safe way is to use `jq -Rsa .` to properly escape the string, or pass the data to a Node.js script that handles JSON serialization safely using `JSON.stringify()`. | LLM | bin/create-event.sh:49 |
| MEDIUM | Sensitive credentials stored in a custom, non-standard configuration file | The `bin/auto-setup.sh` and `bin/setup.sh` scripts create and write Feishu `app_id` and `app_secret` to `~/.feishu-config.json`. While `chmod 600` is applied to restrict access, this introduces a new, non-standard location for sensitive credentials outside of the `openclaw.json` or `.secrets.env` files that the Node.js parts of the skill prioritize. This increases the attack surface for credential harvesting and makes credential management and auditing more complex. The `SKILL.md` explicitly states a preference for `~/.openclaw/openclaw.json`, but these shell scripts diverge from that recommendation. Consolidate credential storage to the recommended `~/.openclaw/openclaw.json` or `~/.secrets.env` as prioritized by the Node.js `lark-api.mjs`. The shell scripts should either read directly from these standard locations or prompt the user to configure them there, rather than creating a new, separate secrets file. If a separate file is absolutely necessary, ensure it's clearly documented and its security implications are understood. | LLM | bin/auto-setup.sh:50 |
Full report: https://skillshield.io/report/450af727e104e7a1
Powered by SkillShield