Feishu Evolver Wrapper

feishu-evolver-wrapper v1.8.0 - Introduced new utility: utils/resolve-evolver.js - Refactored and updated core logic across 11 files, including health checks, reporting, dashboard generation, and lifecycle management. - Removed deprecated file _meta.json. - Updated dependencies and metadata in package.json. - General improvements to robustness, maintainability, and modularity.

OpenClaw 分析

The code mostly matches a Feishu reporting / lifecycle wrapper, but it uses many undeclared environment variables, reads/writes workspace/system files, spawns detached daemons, and builds/executes shell commands — behaviors that are coherent with the stated purpose but are broader and more persistent than the SKILL.md/registry metadata declare.

置信度: medium

VirusTotal

Type: OpenClaw Skill Name: feishu-evolver-wrapper Version: 1.8.0 The skill bundle acts as a complex lifecycle manager and reporting wrapper for an 'evolver' agent, exhibiting several high-risk capabilities. Key indicators include automated Git synchronization (add/commit/push to origin), the creation of persistent background tasks via OpenClaw's cron system (lifecycle.js), and a bridge mechanism in index.js that parses stdout to dynamically spawn new agents with arbitrary tasks using 'openclaw agent'. While the code includes defensive features like a secret scanner (feishu-helper.js) and a kill switch, the extensive use of shell command execution and the autonomous nature of the agent-spawning logic present a significant attack surface for command injection and unintended persistence.