openclaw-feishu-webhook

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). Yes — the prompt explicitly shows inserting live secrets (server password in sshpass and App Secret/Verification Token) directly into commands and config files, which requires handling and potentially echoing secret values verbatim.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly directs connecting as root and making system-level changes—installing nginx, writing /etc/nginx/conf.d/feishu.conf, and running systemctl enable/start—actions that require sudo/root and modify the machine state.