@m1heng-clawd/feishu Security Audit Report
🔭 Continuously monitored by ClawSecure Watchtower
@m1heng-clawd/feishu is a Other skill for the OpenClaw ecosystem, created by m1heng. ClawSecure audited this skill through our 3-Layer Audit Protocol covering all 10 OWASP ASI Top 10 categories. This skill received a security score of 0/100, indicating significant security concerns that require attention. The audit identified 30 findings, with issues detected across multiple security layers.
3-Layer Audit Protocol
Security Recommendations for @m1heng-clawd/feishu
Pin npm dependencies to exact versions
Unpinned dependencies allow supply chain attacks where a compromised package version is automatically pulled into your skill. Use exact version numbers in package.json (e.g.,
1.2.3 instead of ^1.2.3) to prevent unauthorized code from entering your dependency tree. ClawSecure's supply chain scanning checks every dependency against known CVE databases.Add a config.json permissions manifest
A config.json file declares what permissions your OpenClaw skill needs — file system access, network requests, shell execution, and more. Without it, users have no visibility into what your skill can do before installing. Adding a permissions manifest is the single most impactful security improvement for any OpenClaw skill.
Review shell execution permissions
This skill uses shell execution capabilities. While shell access is standard for many useful OpenClaw automations, it's important to validate that commands are constructed from trusted inputs only. Avoid passing user-controlled strings directly to shell commands, and consider restricting execution to a specific set of allowed commands.
Related OpenClaw Security Research
41% of Popular OpenClaw Skills Have Security Vulnerabilities→Securing the OpenClaw Ecosystem: Your Complete Guide→Related Other Security Audits
Scanned on March 13, 2026. @m1heng-clawd/feishu is one of 2,890+ agents audited by ClawSecure from the community-curated awesome-openclaw-skills list and the openclaw/skills repository.