openclaw-feishu-webhook
Fail
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The agent is instructed in
.agent/instructions.mdto collect the server's root password and Feishu application credentials (App ID, App Secret, Verification Token) directly from the user. Handling raw root credentials increases the risk of accidental exposure or logging.\n- [COMMAND_EXECUTION]: The skill utilizessshpassto execute commands on a remote server. Using the-pflag to pass a password in plaintext is a known security vulnerability as the password becomes visible to any process or user capable of viewing the system's process list (e.g., usingps).\n- [COMMAND_EXECUTION]: The agent performs high-privilege operations on the remote host, including installing the Nginx package and writing configuration files to protected system directories like/etc/nginx/conf.d/. This level of access grants the agent full control over the target server's configuration.
Recommendations
- AI detected serious security threats
Audit Metadata