subscribe-filter-feishu Security Report — Trusted | ClawSafe

5 /100

subscribe-filter-feishu

订阅-过滤-飞书推送。通过WebSocket订阅数据流，大模型智能过滤，自动推送到飞书。

这是一个合法的 WebSocket 订阅 + LLM 过滤 + 飞书推送工具，代码结构清晰，无恶意行为，权限使用与声明一致。

Skill Namesubscribe-filter-feishu

Duration17.1s

Enginepi

✓

Safe to install

可直接使用。建议用户妥善保管配置文件中的 API 密钥。

Resource	Declared	Inferred	Status	Evidence
Filesystem	`WRITE`	`WRITE`	✓ Aligned	scripts/receiver.js:18-23 配置文件读写、日志写入、PID管理
Network	`READ+WRITE`	`READ+WRITE`	✓ Aligned	WebSocket 连接接收数据、调用飞书 API 和大模型 API
Shell	`NONE`	`NONE`	—	无 shell 调用

27 findings

🔗

Medium External URL 外部 URL

https://ark.cn-beijing.volces.com/api/v3

SKILL.md:38

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/asynckit/-/asynckit-0.4.0.tgz

package-lock.json:17

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/axios/-/axios-1.13.6.tgz

package-lock.json:23

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz

package-lock.json:34

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/combined-stream/-/combined-stream-1.0.8.tgz

package-lock.json:47

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/delayed-stream/-/delayed-stream-1.0.0.tgz

package-lock.json:59

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/dunder-proto/-/dunder-proto-1.0.1.tgz

package-lock.json:68

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/es-define-property/-/es-define-property-1.0.1.tgz

package-lock.json:82

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/es-errors/-/es-errors-1.3.0.tgz

package-lock.json:91

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/es-object-atoms/-/es-object-atoms-1.1.1.tgz

package-lock.json:100

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/es-set-tostringtag/-/es-set-tostringtag-2.1.0.tgz

package-lock.json:112

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/follow-redirects/-/follow-redirects-1.15.11.tgz

package-lock.json:127

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/form-data/-/form-data-4.0.5.tgz

package-lock.json:147

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/function-bind/-/function-bind-1.1.2.tgz

package-lock.json:163

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/get-intrinsic/-/get-intrinsic-1.3.0.tgz

package-lock.json:172

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/get-proto/-/get-proto-1.0.1.tgz

package-lock.json:196

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/gopd/-/gopd-1.2.0.tgz

package-lock.json:209

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/has-symbols/-/has-symbols-1.1.0.tgz

package-lock.json:221

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/has-tostringtag/-/has-tostringtag-1.0.2.tgz

package-lock.json:233

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/hasown/-/hasown-2.0.2.tgz

package-lock.json:248

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/math-intrinsics/-/math-intrinsics-1.1.0.tgz

package-lock.json:260

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/mime-db/-/mime-db-1.52.0.tgz

package-lock.json:269

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/mime-types/-/mime-types-2.1.35.tgz

package-lock.json:278

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/proxy-from-env/-/proxy-from-env-1.1.0.tgz

package-lock.json:290

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/ws/-/ws-8.19.0.tgz

package-lock.json:296

🔗

Medium External URL 外部 URL

https://open.feishu.cn/open-apis/auth/v3/app_access_token/internal

scripts/receiver.js:147

🔗

Medium External URL 外部 URL

https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=open_id

scripts/receiver.js:185

File Tree

5 files · 23.9 KB · 832 lines

JavaScript 1f · 374L JSON 3f · 338L Markdown 1f · 120L

├─ ▾ 📁 scripts

│ └─ 📜 receiver.js JavaScript 374L · 9.9 KB

├─ 📋 metadata.json JSON 9L · 289 B

├─ 📋 package-lock.json JSON 316L · 10.7 KB

├─ 📋 package.json JSON 13L · 289 B

└─ 📝 SKILL.md Markdown 120L · 2.7 KB

Dependencies 2 items

Package	Version	Source	Known Vulns	Notes
`ws`	`^8.14.2`	npm	No	WebSocket 客户端，常规用途
`axios`	`^1.6.0`	npm	No	HTTP 客户端，用于调用飞书和大模型 API

Security Positives

✓ 敏感信息不硬编码，通过配置文件管理（~/.openclaw/subscribe-filter-feishu.json）

✓ PID 管理防止重复启动

✓ 指数退避重连机制

✓ 统计持久化

✓ 飞书 token 自动刷新

✓ 异常兜底处理（uncaughtException/unhandledRejection）

✓ 优雅关闭机制

✓ 代码结构清晰，注释完整

Scan Report

File Tree

Dependencies 2 items

Security Positives