Skill Trust Decision

qclaw-watchdog

Hardcoded Feishu API credentials exposed in config.json combined with undocumented shell execution for process and application control operations.

Source: Manual upload · Scanned: Apr 3, 2026
Files 6
Artifacts 3
Violations 2
Findings 5
Most direct threat evidence
Critical
Hardcoded Feishu API Credentials in config.json

config.json contains hardcoded app_id (cli_a9333bca0c78dceb) and app_secret (jfQq6dWQe4wYsJiChkXVTh6IK8awBf0L) which are exposed credentials that could be used to send messages via the Feishu bot API.

config.json:3

Why this conclusion was reached

2/4 dimensions flagged
Block
Declared vs actual capability

2 undeclared or violating capabilities were inferred.

Review
Hidden execution and egress

3 lower-risk artifacts were extracted and still need context.

Block
Attack chain and severe findings

The report includes 0 attack-chain steps and 3 severe findings.

Pass
Dependencies and supply chain hygiene

Dependencies are present but no obvious high-risk issue stands out.

What drove the risk score up

Hardcoded credentials in config.json +35

Feishu app_id and app_secret exposed in plain text in a distributed config file

Undocumented shell execution +20

SKILL.md does not declare use of exec for pgrep, open, osascript, pkill commands

Process control capabilities +10

Ability to start/stop/kill arbitrary processes (QClaw) on the system

Most important evidence

Critical

Hardcoded Feishu API Credentials in config.json

config.json contains hardcoded app_id (cli_a9333bca0c78dceb) and app_secret (jfQq6dWQe4wYsJiChkXVTh6IK8awBf0L) which are exposed credentials that could be used to send messages via the Feishu bot API.

config.json:3
Remove credentials from config.json. Use environment variables (FEISHU_APP_ID, FEISHU_APP_SECRET) instead. Add config.json to .gitignore.
High

Undocumented Shell Command Execution

SKILL.md does not declare the use of shell execution via child_process.exec. The code executes pgrep, open, osascript, and pkill commands to manage the QClaw application.

watchdog.js:81
Document shell:WRITE capability in SKILL.md or use Node.js APIs like process.kill() instead of exec.
High

Application Control via osascript

Uses osascript to send AppleScript commands to quit applications, which could be extended to control any application on macOS.

watchdog.js:228
Document the scope of application control. Consider restricting to known applications only.
Medium

Missing Referenced Scripts

SKILL.md references update.sh and publish.sh scripts that do not exist in the repository.

SKILL.md:90
Implement or remove references to update.sh and publish.sh scripts.
Low

Extended Check Interval

config.json sets check_interval_ms to 18000000 (5 hours), which may not match the documented default of 180000 (3 minutes).

config.json:15
Align with documented defaults or update documentation.

Declared capability vs actual capability

Capability   Verdict  Declared  Inferred  Evidence
Filesystem   Block    READ      WRITE     watchdog.js:67 fs.appendFileSync(LOG_FILE)
Shell        Block    NONE      WRITE     watchdog.js:81 execPromise('pgrep -f QClaw'), watchdog.js:228 execPromise('open -a QClaw')
Network      Pass     NONE      READ      watchdog.js:115 fetch(QCLAW_HEALTH_URL), Feishu WebSocket/SDK calls
Environment  Pass     NONE      READ      watchdog.js:25-34 process.env reads for config

Suspicious artifacts and egress

Medium External URL
http://127.0.0.1:28789/health

SKILL.md:46

Medium External URL
https://open.feishu.cn/

SKILL.md:205

Medium External URL
https://open.feishu.cn/api-explorer/cli_a9333bca0c78dceb?apiName=create&project=im&resource=message&version=v1

SKILL.md:226

Dependencies and supply chain

Package                  Version   Source  Known vuln  Notes
@larksuiteoapi/node-sdk  unpinned  npm     No          SDK version not specified in package.json (no package.json found)

File composition

6 files · 855 lines
JavaScript: 1 file · 522 lines
Markdown: 1 file · 239 lines
Shell: 2 files · 74 lines
JSON: 1 file · 19 lines
Text: 1 file · 1 line
Files of concern · 3
config.json JSON · 19 lines
Hardcoded Feishu API Credentials in config.json · Extended Check Interval
watchdog.js JavaScript · 522 lines
Undocumented Shell Command Execution · Application Control via osascript
SKILL.md Markdown · 239 lines
Missing Referenced Scripts · http://127.0.0.1:28789/health · https://open.feishu.cn/ · https://open.feishu.cn/api-explorer/cli_a9333bca0c78dceb?apiName=create&project=im&resource=message&version=v1
Other files · init-config.sh · start.sh · version.txt

Security positives

Uses Lark SDK (@larksuiteoapi/node-sdk) instead of raw HTTP requests for Feishu integration
No base64-encoded payloads or obfuscated code
No suspicious network connections to unknown external IPs
No credential exfiltration mechanisms observed
Logging to separate files for audit trail