Security Decision Report

qclaw-watchdog

Hardcoded Feishu API credentials exposed in config.json combined with undocumented shell execution for process and application control operations.

Install decision first · Source: manual upload · Scan time: 2026/4/3
Files: 6
IOCs: 3
Capability overreach items: 2
Findings: 5
Most direct threat evidence
Critical
Hardcoded Feishu API Credentials in config.json

config.json contains hardcoded app_id (cli_a9333bca0c78dceb) and app_secret (jfQq6dWQe4wYsJiChkXVTh6IK8awBf0L) which are exposed credentials that could be used to send messages via the Feishu bot API.

config.json:3

Why this conclusion was reached

2 of 4 dimensions triggered
Block
Declared vs. actual capabilities

Found 2 capabilities or overreach behaviors beyond those declared.

Review
Hidden execution and outbound connections

Extracted 3 general-risk artifacts that need to be judged in context.

Block
Attack chains and high-risk findings

The report contains an attack chain of 0 steps, plus 3 high-risk or critical findings.

Pass
Dependencies and supply-chain hygiene

A dependency structure exists, but no obvious high-risk alerts have been seen so far.

How the risk score was raised

Hardcoded credentials in config.json +35

Feishu app_id and app_secret exposed in plain text in a distributed config file

Undocumented shell execution +20

SKILL.md does not declare use of exec for pgrep, open, osascript, pkill commands

Process control capabilities +10

Ability to start/stop/kill arbitrary processes (QClaw) on the system

Key evidence

Critical

Hardcoded Feishu API Credentials in config.json

config.json contains hardcoded app_id (cli_a9333bca0c78dceb) and app_secret (jfQq6dWQe4wYsJiChkXVTh6IK8awBf0L) which are exposed credentials that could be used to send messages via the Feishu bot API.

config.json:3
Remove credentials from config.json. Use environment variables (FEISHU_APP_ID, FEISHU_APP_SECRET) instead. Add config.json to .gitignore.
High

Undocumented Shell Command Execution

SKILL.md does not declare the use of shell execution via child_process.exec. The code executes pgrep, open, osascript, and pkill commands to manage the QClaw application.

watchdog.js:81
Document shell:WRITE capability in SKILL.md or use Node.js APIs like process.kill() instead of exec.
High

Application Control via osascript

Uses osascript to send AppleScript commands to quit applications, which could be extended to control any application on macOS.

watchdog.js:228
Document the scope of application control. Consider restricting to known applications only.
Medium

Missing Referenced Scripts

SKILL.md references update.sh and publish.sh scripts that do not exist in the repository.

SKILL.md:90
Implement or remove references to update.sh and publish.sh scripts.
Low

Extended Check Interval

config.json sets check_interval_ms to 18000000 (5 hours), which may not match the documented default of 180000 (3 minutes).

config.json:15
Align with documented defaults or update documentation.

Declared capabilities vs. actual capabilities

File system: Block
  Declared: READ
  Inferred: WRITE
  Evidence: watchdog.js:67 fs.appendFileSync(LOG_FILE)
Command execution: Block
  Declared: NONE
  Inferred: WRITE
  Evidence: watchdog.js:81 execPromise('pgrep -f QClaw'), watchdog.js:228 execPromise('open -a QClaw')
Network access: Pass
  Declared: NONE
  Inferred: READ
  Evidence: watchdog.js:115 fetch(QCLAW_HEALTH_URL), Feishu WebSocket/SDK calls
Environment variables: Pass
  Declared: NONE
  Inferred: READ
  Evidence: watchdog.js:25-34 process.env reads for config

Suspicious artifacts and outbound connections

Medium · External URL
http://127.0.0.1:28789/health

SKILL.md:46

Medium · External URL
https://open.feishu.cn/

SKILL.md:205

Medium · External URL
https://open.feishu.cn/api-explorer/cli_a9333bca0c78dceb?apiName=create&project=im&resource=message&version=v1

SKILL.md:226

Dependencies and supply chain

Package | Version | Source | Vulnerabilities | Notes
@larksuiteoapi/node-sdk | unpinned | npm | (none listed) | SDK version not specified in package.json (no package.json found)

File composition

6 files · 855 lines
JavaScript: 1 file · 522 lines
Markdown: 1 file · 239 lines
Shell: 2 files · 74 lines
JSON: 1 file · 19 lines
Text: 1 file · 1 line
Files of concern · 3
config.json (JSON · 19 lines)
Hardcoded Feishu API Credentials in config.json · Extended Check Interval
watchdog.js (JavaScript · 522 lines)
Undocumented Shell Command Execution · Application Control via osascript
SKILL.md (Markdown · 239 lines)
Missing Referenced Scripts · http://127.0.0.1:28789/health · https://open.feishu.cn/ · https://open.feishu.cn/api-explorer/cli_a9333bca0c78dceb?apiName=create&project=im&resource=message&version=v1
Other files · init-config.sh · start.sh · version.txt

Security highlights

Uses Lark SDK (@larksuiteoapi/node-sdk) instead of raw HTTP requests for Feishu integration
No base64-encoded payloads or obfuscated code
No suspicious network connections to unknown external IPs
No credential exfiltration mechanisms observed
Logging to separate files for audit trail