Plugin v0.1.4
ClawScan security
Feishu Hono · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 7, 2026, 7:45 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The plugin appears to implement a legitimate Feishu webhook channel, but repository artifacts and logging behavior introduce potential credential-leak risks and a mild inconsistency between the README/SKILL.md and the files included in the package.
- Guidance: This plugin implements the Feishu webhook integration and largely behaves as described, but take these precautions before installing or publishing:
  - Treat the repository .env file as suspicious: remove any real credentials from source control and rotate any keys that were committed.
  - The code logs the tenant access token and HTTP request bodies to stdout (see src/feishu/client.ts). Consider removing those console.log lines to avoid leaking tokens to logs/telemetry.
  - Configure credentials via OpenClaw's channels.feishu-hono (e.g., ~/.openclaw/config.json) as described, not via environment files checked into the repo.
  - If you plan to install from a published package, inspect the npm package contents (npm pack --dry-run) to ensure .env is not packaged and that dist/ is the only runtime artifact.
  - If you already used the app secret values present in the repo or published them, rotate the app secret and tenant tokens in Feishu immediately.
  - If you want, I can point to the exact lines that log tokens and suggest a safe patch to remove those logs.
Review Dimensions
- Purpose & Capability (note): The name/description and implementation align: this is a Feishu webhook channel that uses appId/appSecret provided via OpenClaw config (channels.feishu-hono). Requesting no environment variables is coherent for the stated design. However, the repository contains a .env file with FEISHU_APP_ID/FEISHU_APP_SECRET values, which contradicts the SKILL.md/README claim that the plugin 'does not read FEISHU_* environment variables'. The presence of that file is an incoherence (likely accidental) and could cause accidental credential leakage if published.
- Instruction Scope (concern): SKILL.md instructs building and configuring credentials in ~/.openclaw/config.json and explicitly says it won't read FEISHU_* env vars. The code follows that model (reads from channels.feishu-hono). However, the code contains console.log statements that print sensitive data (notably console.log('token', token) in src/feishu/client.ts and additional logging of request url/body). Logging the tenant access token and request bodies to stdout is unnecessary for normal operation and risks exposing secrets in logs/telemetry.
- Install Mechanism (ok): No external download/install spec is included; the package is a normal Node plugin (package.json, dist/, bin/). Dependencies are standard (hono/@hono/node-server) and there is no arbitrary remote extract or unknown URL-based installer.
- Credentials (concern): The plugin appropriately requires Feishu appId/appSecret in OpenClaw config, which is proportionate. But the repository includes an .env file with concrete-looking FEISHU_APP_ID / FEISHU_APP_SECRET values, which is unnecessary and dangerous if those are real credentials. Additionally, the code logs the fetched tenant access token to the console, increasing the risk that credentials or derived tokens are exposed via logs. The skill declares no required env vars, which matches code behavior, but the presence of .env undermines that claim.
- Persistence & Privilege (ok): The plugin does not request special platform privileges; always is false and disable-model-invocation is default. It doesn't modify other skills or system-wide configs; it integrates via OpenClaw plugin APIs as expected.
