openclaw-feishu-group-chat

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The included runtime script fetches contact data from Feishu API endpoints (https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal and https://open.feishu.cn/open-apis/contact/v3/users/find_by_department?department_id=0), and writes that data into USER.md which is injected into the agent's workspace/system prompt—i.e., remote content fetched at runtime directly controls the agent's context and behavior.