← Back to Scanner

@m1heng-clawd/feishu Security Audit Report

🔭 Continuously monitored by ClawSecure Watchtower
Source:
SHA-256:

@m1heng-clawd/feishu is an AI agent skill, created by m1heng and published at m1heng/clawdbot-feishu. ClawSecure audited @m1heng-clawd/feishu across 90 files through the 3-Layer Audit Protocol covering all ten OWASP ASI Top 10 categories, assigning a security score of 15/100 (High Risk). The 15 findings concentrate in Supply Chain, Malicious Code and Code Injection, including Vulnerability in vitest@2.1.8: Vitest allows Remote Code… and Attempts to access sensitive file: MEMORY.md. 7 were rated high or critical severity.

Is @m1heng-clawd/feishu safe?

ClawSecure audited @m1heng-clawd/feishu and assigned a security score of 15/100 (High Risk), identifying 15 findings across Supply Chain and Malicious Code. Review the findings below before installing.

What did ClawSecure find in @m1heng-clawd/feishu?

ClawSecure identified 15 findings in @m1heng-clawd/feishu, concentrated in Supply Chain, Malicious Code and Code Injection. 7 were rated high or critical severity. The most severe include Vulnerability in vitest@2.1.8: Vitest allows Remote Code… and Attempts to access sensitive file: MEMORY.md.

How was @m1heng-clawd/feishu audited?

ClawSecure ran @m1heng-clawd/feishu through its 3-Layer Audit Protocol with full OWASP ASI Top 10 coverage, scanning 90 files from m1heng/clawdbot-feishu.

What does a score of 15 mean?

ClawSecure assigned @m1heng-clawd/feishu a security score of 15/100, placing it in the High Risk range. This is driven by 15 findings led by Supply Chain that should be addressed before use. ClawSecure derives this score with a weighted deduction model (critical -20, high -10, medium -5, low -2 from a base of 100).

Audit Findings for @m1heng-clawd/feishu

ClawSecure detected 15 security findings in @m1heng-clawd/feishu, spanning Supply Chain, Malicious Code, Code Injection and Permissions Manifest.

Showing the 12 highest-severity of 15 findings. The full interactive list appears below.

3-Layer Audit Protocol

Security Recommendations for @m1heng-clawd/feishu

Update and pin dependencies
@m1heng-clawd/feishu depends on packages with supply-chain risk. Pin every dependency to an exact version, update packages with known CVEs to patched releases, and re-audit after each change. ClawSecure checks every dependency against known CVE databases.
Audit external network connections
@m1heng-clawd/feishu connects to external endpoints. Verify every outbound connection goes to a trusted destination. Unauthorized callbacks are a primary indicator of ClawHavoc malware and data exfiltration. ClawSecure's proprietary engine monitors for known malicious endpoints including C2 infrastructure.
Eliminate dynamic code execution
@m1heng-clawd/feishu evaluates code at runtime (for example eval or dynamic exec). Remove dynamic evaluation of untrusted input, and where code generation is unavoidable, sandbox it and validate every input.

Related Security Research

AI Agent Supply Chain Attacks: How Dependencies Become WeaponsBeyond Static Scans: Why ClawSecure Verifies Agentic Intent

Related AI Agent Security Audits

62ac696296b54aadScore 0/100understand-anythingScore 0/1006bc837afc1a86e89Score 0/1009c0a7c48db776b22Score 25/1009c0a7c48db776b22Score 25/100

Scanned on March 5, 2026. @m1heng-clawd/feishu is one of thousands of agents audited by ClawSecure from the community-curated awesome-openclaw-skills list and the openclaw/skills repository.

Start Your Free Scan