Feishu Bot Config Helper

Advisory. Audited by static analysis on May 10, 2026.

Overview

Detected: suspicious.dangerous_exec

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing this way runs whatever install.sh contains at the moment of the install, unreviewed, on the user's machine.

Why it was flagged

The documented install path pipes a script fetched from the mutable GitHub 'main' branch straight into bash, so the installed code can differ from the reviewed package and can change between two installs.

Skill content
curl -fsSL https://raw.githubusercontent.com/jiebao360/feishu-bot-config-helper/main/install.sh | bash
Recommendation

Avoid curl-to-bash installs from mutable branches; install from a pinned release or commit and inspect the installer before running it.
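As an added example (not code from the skill or from ClawScan), the following Node.js check applies the recommendation mechanically to a documented install line: it flags pipe-to-shell and classifies the GitHub ref as a mutable branch or tag versus a pinned 40-hex commit, then prints the pinned, download-verify-inspect-run form. The regexes, the result shape and the `<commit-sha>` / `<expected-sha256>` placeholders are this example's own.

```javascript
// Added example, not code from the skill or from ClawScan. Lints a documented
// install command: flags "curl ... | bash" and reports whether the
// raw.githubusercontent.com URL is pinned to a commit or floats on a branch.
const RAW_URL = /https?:\/\/raw\.githubusercontent\.com\/([^\/\s]+)\/([^\/\s]+)\/([^\/\s]+)\/(\S+)/;
const PIPE_TO_SHELL = /\|\s*(?:sudo\s+)?(?:ba|z|da)?sh\b/;
const COMMIT_SHA = /^[0-9a-f]{40}$/;

function lintInstallCommand(cmd) {
  const findings = [];
  if (PIPE_TO_SHELL.test(cmd)) {
    findings.push('downloaded script is piped straight into a shell; nothing is inspected before it runs');
  }
  const m = cmd.match(RAW_URL);
  if (!m) {
    findings.push('no raw.githubusercontent.com URL found; cannot tell which ref is installed');
    return { pinned: false, ref: null, findings };
  }
  const [, owner, repo, ref, file] = m;
  const pinned = COMMIT_SHA.test(ref);
  if (!pinned) {
    findings.push(`ref "${ref}" is a branch or tag, so the fetched script can change after review`);
  }
  // Suggested replacement: fetch a pinned revision to disk, check its digest
  // against a value recorded at review time, read it, then run it.
  // <commit-sha> and <expected-sha256> are placeholders the reviewer fills in.
  const pinnedUrl = `https://raw.githubusercontent.com/${owner}/${repo}/${pinned ? ref : '<commit-sha>'}/${file}`;
  const safer = [
    `curl -fsSL -o ${file} ${pinnedUrl}`,
    `echo '<expected-sha256>  ${file}' | sha256sum -c -`,
    `less ${file}`,
    `bash ${file}`,
  ];
  return { owner, repo, ref, file, pinned, findings, safer };
}

// Run against the install line from this advisory's Skill content.
console.log(lintInstallCommand(
  'curl -fsSL https://raw.githubusercontent.com/jiebao360/feishu-bot-config-helper/main/install.sh | bash'
));
```

With the command from the Skill content above, the result is `pinned: false`, `ref: 'main'` and two findings (pipe-to-shell, mutable ref); the same URL with a 40-hex commit in place of `main` and `-o install.sh` instead of the pipe produces no findings.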

What this means

A single configuration run can change which agents exist, which Feishu bot credentials are active, how messages route, and restart the user's gateway service.

Why it was flagged

After parsing a configuration message, the script mutates OpenClaw agents/accounts/bindings, writes the global config file, and restarts the gateway without a visible approval or rollback step.

Skill content
this.addAgent(config, botConfig); this.addFeishuAccount(config, botConfig); this.addBinding(config, botConfig); ... if (!this.writeConfig(config)) ... await this.restartGateway();
Recommendation

Require an explicit local admin confirmation, show a diff, create a backup of openclaw.json, and provide a rollback path before applying changes or restarting the gateway.

What this means

The created bot may be reachable more broadly than intended, and the Feishu app secret becomes part of the persistent OpenClaw configuration.

Why it was flagged

The script writes the Feishu app secret into the persistent config and creates the account with dmPolicy 'allowlist' plus allowFrom ['*'] (an allowlist that matches every user, so it is effectively open) and groupPolicy 'open'.

Skill content
appSecret: botConfig.appSecret, ... dmPolicy: 'allowlist', allowFrom: ['*'], groupPolicy: 'open'
Recommendation

Use narrowly scoped Feishu app credentials, avoid pasting secrets in shared chats, restrict allowFrom/groupPolicy to intended users or groups, and document where secrets are stored.

Concern (High Confidence)
ASI08: Cascading Failures
What this means

Existing OpenClaw agents may be changed unintentionally, and the gateway restart can propagate those changes immediately.

Why it was flagged

The script reuses fixed agent IDs such as work, notes, or generic_content and updates an existing agent's skills when the ID already exists, so a new bot setup can alter an existing agent.

Skill content
const exists = config.agents.list.some(agent => agent.id === botConfig.agentId); if (exists) { ... agent.skills = botConfig.skills; }
Recommendation

Detect collisions clearly, require confirmation before updating existing agents or accounts, and prefer unique account/agent IDs for each configured bot.

What this means

The skill can execute local commands that affect the user's OpenClaw service.

Why it was flagged

The script uses shell execution for local setup and for the gateway restart. The visible command strings are fixed (no user input is interpolated into them) and match the stated purpose, but the skill does run local commands with the user's privileges, and users should be aware of that.

Skill content
const { exec } = require('child_process'); ... exec('openclaw gateway restart', (error) => {
Recommendation

Run it only in an environment where you are comfortable allowing the skill to control OpenClaw configuration and gateway lifecycle.

Findings (1)

critical

suspicious.dangerous_exec

Location
scripts/auto-configure-bot.js:172
Finding
Shell command execution detected (child_process).