Feishu Evolver Wrapper
Feishu-integrated wrapper for the capability-evolver. Manages the evolution loop lifecycle (start/stop/ensure), sends rich Feishu card reports, and provides...
README.md
text/markdown · 287 字节
SKILL.md
text/markdown · 1281 字节
check_health.js
text/javascript · 2438 字节
cleanup.js
text/javascript · 1659 字节
commentary.js
text/javascript · 1659 字节
daemon.sh
text/plain · 1512 字节
exec_cache.js
text/javascript · 780 字节
export_history.js
text/javascript · 3512 字节
feishu-helper.js
text/javascript · 9934 字节
index.js
text/javascript · 85794 字节
issue_tracker.js
text/javascript · 5266 字节
lifecycle.js
text/javascript · 34317 字节
package.json
application/json · 199 字节
report.js
text/javascript · 19314 字节
self-repair.js
text/javascript · 2018 字节
send-card-cli.js
text/javascript · 1026 字节
skills_monitor.js
text/javascript · 5967 字节
trigger.js
text/javascript · 410 字节
utils/dashboard-generator.js
text/javascript · 6922 字节
utils/logger.js
text/javascript · 926 字节
utils/resolve-evolver.js
text/javascript · 1081 字节
utils/sleep.js
text/javascript · 402 字节
visualize_dashboard.js
text/javascript · 7415 字节
weekly_insight.js
text/javascript · 4768 字节
Security Scan
状态
suspicious
OpenClaw
gpt-5-mini
OpenClaw 分析
The code mostly matches a Feishu reporting / lifecycle wrapper, but it uses many undeclared environment variables, reads/writes workspace/system files, spawns detached daemons, and builds/executes shell commands — behaviors that are coherent with the stated purpose but are broader and more persistent than the SKILL.md/registry metadata declare.
置信度: medium
VirusTotal
Type: OpenClaw Skill Name: feishu-evolver-wrapper Version: 1.8.0 The skill bundle acts as a complex lifecycle manager and reporting wrapper for an 'evolver' agent, exhibiting several high-risk capabilities. Key indicators include automated Git synchronization (add/commit/push to origin), the creation of persistent background tasks via OpenClaw's cron system (lifecycle.js), and a bridge mechanism in index.js that parses stdout to dynamically spawn new agents with arbitrary tasks using 'openclaw agent'. While the code includes defensive features like a secret scanner (feishu-helper.js) and a kill switch, the extensive use of shell command execution and the autonomous nature of the agent-spawning logic present a significant attack surface for command injection and unintended persistence.