feishu-evolver-wrapper
Fail
Audited by Snyk on Mar 28, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). The wrapper contains multiple intentional-looking backdoor/abuse-capable patterns:
  - dynamic evaluation of untrusted child stdout (new Function / eval-like fallback), enabling remote code execution;
  - automated exfiltration of logs/history and system telemetry to external Feishu endpoints (including using a stored token without robust scanning in all places);
  - automated git push/auto-repair and npm installs (capable of altering the repo or pulling/execing supply-chain code);
  - watchdog/cron/daemon logic that grants persistence;
  - some log-cleaning that can remove forensic traces.

  Together these provide clear vectors for RCE, data exfiltration, persistence and supply-chain abuse.
Issues (1)
E006
CRITICAL Malicious code pattern detected in skill scripts.
Audit Metadata