Back to plugin

Security audit

Ask Me First

Security checks across malware telemetry and agentic risk

Overview

This avatar mostly matches its stated purpose, but it needs review because it can automatically speak for you, grants first-contact admin by default, requests broad Feishu permissions, and uses unsafe dynamic rule evaluation.

Before installing, preconfigure the real admin user, disable first-sender auto-admin unless you fully control first contact, grant Feishu least-privilege scopes, and avoid editable escalation rules until the `eval` implementation is replaced. Also review the workspace files because the avatar stores conversation-derived learning data and can automatically reply on your behalf.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec, suspicious.dynamic_code_execution

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
src/tools/context.ts:32
Evidence
exec('git log --oneline -5', { cwd: dir, timeout: 3000 }, (err: any, stdout: string) => {

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
src/tools/presence.ts:73
Evidence
exec(`powershell -NoProfile -Command "${script.replace(/"/g, '`"')}"`, (err: any, stdout: string) => {

Dynamic code execution detected.

Critical
Code
suspicious.dynamic_code_execution
Location
src/escalation/rules.ts:63
Evidence
const ok = eval(rule.condition.replace(/state\./g, 'safeState.').replace(/identity\./g, 'safeIdentity.'));