@openclaw/feishu 2026.2.17 → 2026.2.21

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/feishu",
-  "version": "2026.2.17",
+  "version": "2026.2.21",
   "description": "OpenClaw Feishu/Lark channel plugin (community maintained by @m1heng)",
   "type": "module",
   "dependencies": {

package/src/bot.checkBotMentioned.test.ts

@@ -5,6 +5,7 @@ import { parseFeishuMessageEvent } from "./bot.js";
 function makeEvent(
   chatType: "p2p" | "group",
   mentions?: Array<{ key: string; name: string; id: { open_id?: string } }>,
+  text = "hello",
 ) {
   return {
     sender: {
@@ -15,7 +16,7 @@ function makeEvent(
       chat_id: "oc_chat1",
       chat_type: chatType,
       message_type: "text",
-      content: JSON.stringify({ text: "hello" }),
+      content: JSON.stringify({ text }),
       mentions,
     },
   };
@@ -62,6 +63,26 @@ describe("parseFeishuMessageEvent – mentionedBot", () => {
     expect(ctx.mentionedBot).toBe(false);
   });
 
+  it("treats mention.name regex metacharacters as literals when stripping", () => {
+    const event = makeEvent(
+      "group",
+      [{ key: "@_bot_1", name: ".*", id: { open_id: BOT_OPEN_ID } }],
+      "@NotBot hello",
+    );
+    const ctx = parseFeishuMessageEvent(event as any, BOT_OPEN_ID);
+    expect(ctx.content).toBe("@NotBot hello");
+  });
+
+  it("treats mention.key regex metacharacters as literals when stripping", () => {
+    const event = makeEvent(
+      "group",
+      [{ key: ".*", name: "Bot", id: { open_id: BOT_OPEN_ID } }],
+      "hello world",
+    );
+    const ctx = parseFeishuMessageEvent(event as any, BOT_OPEN_ID);
+    expect(ctx.content).toBe("hello world");
+  });
+
   it("returns mentionedBot=true for post message with at (no top-level mentions)", () => {
     const BOT_OPEN_ID = "ou_bot_123";
     const postContent = JSON.stringify({

package/src/bot.stripBotMention.test.ts

@@ -0,0 +1,38 @@
+import { describe, expect, it } from "vitest";
+import { stripBotMention, type FeishuMessageEvent } from "./bot.js";
+
+type Mentions = FeishuMessageEvent["message"]["mentions"];
+
+describe("stripBotMention", () => {
+  it("returns original text when mentions are missing", () => {
+    expect(stripBotMention("hello world", undefined)).toBe("hello world");
+  });
+
+  it("strips mention name and key for normal mentions", () => {
+    const mentions: Mentions = [{ key: "@_bot_1", name: "Bot", id: { open_id: "ou_bot" } }];
+    expect(stripBotMention("@Bot hello @_bot_1", mentions)).toBe("hello");
+  });
+
+  it("treats mention.name regex metacharacters as literal text", () => {
+    const mentions: Mentions = [{ key: "@_bot_1", name: ".*", id: { open_id: "ou_bot" } }];
+    expect(stripBotMention("@NotBot hello", mentions)).toBe("@NotBot hello");
+  });
+
+  it("treats mention.key regex metacharacters as literal text", () => {
+    const mentions: Mentions = [{ key: ".*", name: "Bot", id: { open_id: "ou_bot" } }];
+    expect(stripBotMention("hello world", mentions)).toBe("hello world");
+  });
+
+  it("trims once after all mention replacements", () => {
+    const mentions: Mentions = [{ key: "@_bot_1", name: "Bot", id: { open_id: "ou_bot" } }];
+    expect(stripBotMention("  @_bot_1 hello   ", mentions)).toBe("hello");
+  });
+
+  it("strips multiple mentions in one pass", () => {
+    const mentions: Mentions = [
+      { key: "@_bot_1", name: "Bot One", id: { open_id: "ou_bot_1" } },
+      { key: "@_bot_2", name: "Bot Two", id: { open_id: "ou_bot_2" } },
+    ];
+    expect(stripBotMention("@Bot One @_bot_1 hi @Bot Two @_bot_2", mentions)).toBe("hi");
+  });
+});

package/src/bot.ts

@@ -11,8 +11,14 @@ import { resolveFeishuAccount } from "./accounts.js";
 import { createFeishuClient } from "./client.js";
 import { tryRecordMessage } from "./dedup.js";
 import { maybeCreateDynamicAgent } from "./dynamic-agent.js";
-import { downloadImageFeishu, downloadMessageResourceFeishu } from "./media.js";
-import { extractMentionTargets, extractMessageBody, isMentionForwardRequest } from "./mention.js";
+import { normalizeFeishuExternalKey } from "./external-keys.js";
+import { downloadMessageResourceFeishu } from "./media.js";
+import {
+  escapeRegExp,
+  extractMentionTargets,
+  extractMessageBody,
+  isMentionForwardRequest,
+} from "./mention.js";
 import {
   resolveFeishuGroupConfig,
   resolveFeishuReplyPolicy,
@@ -198,17 +204,17 @@ function checkBotMentioned(event: FeishuMessageEvent, botOpenId?: string): boole
   return false;
 }
 
-function stripBotMention(
+export function stripBotMention(
   text: string,
   mentions?: FeishuMessageEvent["message"]["mentions"],
 ): string {
   if (!mentions || mentions.length === 0) return text;
   let result = text;
   for (const mention of mentions) {
-    result = result.replace(new RegExp(`@${mention.name}\\s*`, "g"), "").trim();
-    result = result.replace(new RegExp(mention.key, "g"), "").trim();
+    result = result.replace(new RegExp(`@${escapeRegExp(mention.name)}\\s*`, "g"), "");
+    result = result.replace(new RegExp(escapeRegExp(mention.key), "g"), "");
   }
-  return result;
+  return result.trim();
 }
 
 /**
@@ -224,18 +230,20 @@ function parseMediaKeys(
 } {
   try {
     const parsed = JSON.parse(content);
+    const imageKey = normalizeFeishuExternalKey(parsed.image_key);
+    const fileKey = normalizeFeishuExternalKey(parsed.file_key);
     switch (messageType) {
       case "image":
-        return { imageKey: parsed.image_key };
+        return { imageKey };
       case "file":
-        return { fileKey: parsed.file_key, fileName: parsed.file_name };
+        return { fileKey, fileName: parsed.file_name };
       case "audio":
-        return { fileKey: parsed.file_key };
+        return { fileKey };
       case "video":
         // Video has both file_key (video) and image_key (thumbnail)
-        return { fileKey: parsed.file_key, imageKey: parsed.image_key };
+        return { fileKey, imageKey };
       case "sticker":
-        return { fileKey: parsed.file_key };
+        return { fileKey };
       default:
         return {};
     }
@@ -277,7 +285,10 @@ function parsePostContent(content: string): {
             }
           } else if (element.tag === "img" && element.image_key) {
             // Embedded image
-            imageKeys.push(element.image_key);
+            const imageKey = normalizeFeishuExternalKey(element.image_key);
+            if (imageKey) {
+              imageKeys.push(imageKey);
+            }
           }
         }
         textContent += "\n";

package/src/channel.ts

@@ -89,6 +89,7 @@ export const feishuPlugin: ChannelPlugin<ResolvedFeishuAccount> = {
         },
         connectionMode: { type: "string", enum: ["websocket", "webhook"] },
         webhookPath: { type: "string" },
+        webhookHost: { type: "string" },
         webhookPort: { type: "integer", minimum: 1 },
         dmPolicy: { type: "string", enum: ["open", "pairing", "allowlist"] },
         allowFrom: { type: "array", items: { oneOf: [{ type: "string" }, { type: "number" }] } },
@@ -118,6 +119,9 @@ export const feishuPlugin: ChannelPlugin<ResolvedFeishuAccount> = {
               verificationToken: { type: "string" },
               domain: { type: "string", enum: ["feishu", "lark"] },
               connectionMode: { type: "string", enum: ["websocket", "webhook"] },
+              webhookHost: { type: "string" },
+              webhookPath: { type: "string" },
+              webhookPort: { type: "integer", minimum: 1 },
             },
           },
         },

package/src/config-schema.test.ts

@@ -0,0 +1,66 @@
+import { describe, expect, it } from "vitest";
+import { FeishuConfigSchema } from "./config-schema.js";
+
+describe("FeishuConfigSchema webhook validation", () => {
+  it("rejects top-level webhook mode without verificationToken", () => {
+    const result = FeishuConfigSchema.safeParse({
+      connectionMode: "webhook",
+      appId: "cli_top",
+      appSecret: "secret_top",
+    });
+
+    expect(result.success).toBe(false);
+    if (!result.success) {
+      expect(
+        result.error.issues.some((issue) => issue.path.join(".") === "verificationToken"),
+      ).toBe(true);
+    }
+  });
+
+  it("accepts top-level webhook mode with verificationToken", () => {
+    const result = FeishuConfigSchema.safeParse({
+      connectionMode: "webhook",
+      verificationToken: "token_top",
+      appId: "cli_top",
+      appSecret: "secret_top",
+    });
+
+    expect(result.success).toBe(true);
+  });
+
+  it("rejects account webhook mode without verificationToken", () => {
+    const result = FeishuConfigSchema.safeParse({
+      accounts: {
+        main: {
+          connectionMode: "webhook",
+          appId: "cli_main",
+          appSecret: "secret_main",
+        },
+      },
+    });
+
+    expect(result.success).toBe(false);
+    if (!result.success) {
+      expect(
+        result.error.issues.some(
+          (issue) => issue.path.join(".") === "accounts.main.verificationToken",
+        ),
+      ).toBe(true);
+    }
+  });
+
+  it("accepts account webhook mode inheriting top-level verificationToken", () => {
+    const result = FeishuConfigSchema.safeParse({
+      verificationToken: "token_top",
+      accounts: {
+        main: {
+          connectionMode: "webhook",
+          appId: "cli_main",
+          appSecret: "secret_main",
+        },
+      },
+    });
+
+    expect(result.success).toBe(true);
+  });
+});

package/src/config-schema.ts

@@ -127,6 +127,7 @@ export const FeishuAccountConfigSchema = z
     domain: FeishuDomainSchema.optional(),
     connectionMode: FeishuConnectionModeSchema.optional(),
     webhookPath: z.string().optional(),
+    webhookHost: z.string().optional(),
     webhookPort: z.number().int().positive().optional(),
     capabilities: z.array(z.string()).optional(),
     markdown: MarkdownConfigSchema,
@@ -162,6 +163,7 @@ export const FeishuConfigSchema = z
     domain: FeishuDomainSchema.optional().default("feishu"),
     connectionMode: FeishuConnectionModeSchema.optional().default("websocket"),
     webhookPath: z.string().optional().default("/feishu/events"),
+    webhookHost: z.string().optional(),
     webhookPort: z.number().int().positive().optional(),
     capabilities: z.array(z.string()).optional(),
     markdown: MarkdownConfigSchema,
@@ -191,6 +193,38 @@ export const FeishuConfigSchema = z
   })
   .strict()
   .superRefine((value, ctx) => {
+    const defaultConnectionMode = value.connectionMode ?? "websocket";
+    const defaultVerificationToken = value.verificationToken?.trim();
+    if (defaultConnectionMode === "webhook" && !defaultVerificationToken) {
+      ctx.addIssue({
+        code: z.ZodIssueCode.custom,
+        path: ["verificationToken"],
+        message:
+          'channels.feishu.connectionMode="webhook" requires channels.feishu.verificationToken',
+      });
+    }
+
+    for (const [accountId, account] of Object.entries(value.accounts ?? {})) {
+      if (!account) {
+        continue;
+      }
+      const accountConnectionMode = account.connectionMode ?? defaultConnectionMode;
+      if (accountConnectionMode !== "webhook") {
+        continue;
+      }
+      const accountVerificationToken =
+        account.verificationToken?.trim() || defaultVerificationToken;
+      if (!accountVerificationToken) {
+        ctx.addIssue({
+          code: z.ZodIssueCode.custom,
+          path: ["accounts", accountId, "verificationToken"],
+          message:
+            `channels.feishu.accounts.${accountId}.connectionMode="webhook" requires ` +
+            "a verificationToken (account-level or top-level)",
+        });
+      }
+    }
+
     if (value.dmPolicy === "open") {
       const allowFrom = value.allowFrom ?? [];
       const hasWildcard = allowFrom.some((entry) => String(entry).trim() === "*");

package/src/external-keys.test.ts

@@ -0,0 +1,20 @@
+import { describe, expect, it } from "vitest";
+import { normalizeFeishuExternalKey } from "./external-keys.js";
+
+describe("normalizeFeishuExternalKey", () => {
+  it("accepts a normal feishu key and trims surrounding spaces", () => {
+    expect(normalizeFeishuExternalKey("  img_v3_01abcDEF123  ")).toBe("img_v3_01abcDEF123");
+  });
+
+  it("rejects traversal and path separator patterns", () => {
+    expect(normalizeFeishuExternalKey("../etc/passwd")).toBeUndefined();
+    expect(normalizeFeishuExternalKey("a/../../b")).toBeUndefined();
+    expect(normalizeFeishuExternalKey("a\\..\\b")).toBeUndefined();
+  });
+
+  it("rejects empty, non-string, and control-char values", () => {
+    expect(normalizeFeishuExternalKey("   ")).toBeUndefined();
+    expect(normalizeFeishuExternalKey(123)).toBeUndefined();
+    expect(normalizeFeishuExternalKey("abc\u0000def")).toBeUndefined();
+  });
+});

package/src/external-keys.ts

@@ -0,0 +1,19 @@
+const CONTROL_CHARS_RE = /[\u0000-\u001f\u007f]/;
+const MAX_EXTERNAL_KEY_LENGTH = 512;
+
+export function normalizeFeishuExternalKey(value: unknown): string | undefined {
+  if (typeof value !== "string") {
+    return undefined;
+  }
+  const normalized = value.trim();
+  if (!normalized || normalized.length > MAX_EXTERNAL_KEY_LENGTH) {
+    return undefined;
+  }
+  if (CONTROL_CHARS_RE.test(normalized)) {
+    return undefined;
+  }
+  if (normalized.includes("/") || normalized.includes("\\") || normalized.includes("..")) {
+    return undefined;
+  }
+  return normalized;
+}

package/src/media.test.ts

@@ -1,3 +1,6 @@
+import fs from "node:fs/promises";
+import os from "node:os";
+import path from "node:path";
 import { beforeEach, describe, expect, it, vi } from "vitest";
 
 const createFeishuClientMock = vi.hoisted(() => vi.fn());
@@ -7,7 +10,9 @@ const resolveReceiveIdTypeMock = vi.hoisted(() => vi.fn());
 const loadWebMediaMock = vi.hoisted(() => vi.fn());
 
 const fileCreateMock = vi.hoisted(() => vi.fn());
+const imageGetMock = vi.hoisted(() => vi.fn());
 const messageCreateMock = vi.hoisted(() => vi.fn());
+const messageResourceGetMock = vi.hoisted(() => vi.fn());
 const messageReplyMock = vi.hoisted(() => vi.fn());
 
 vi.mock("./client.js", () => ({
@@ -31,7 +36,7 @@ vi.mock("./runtime.js", () => ({
   }),
 }));
 
-import { sendMediaFeishu } from "./media.js";
+import { downloadImageFeishu, downloadMessageResourceFeishu, sendMediaFeishu } from "./media.js";
 
 describe("sendMediaFeishu msg_type routing", () => {
   beforeEach(() => {
@@ -54,10 +59,16 @@ describe("sendMediaFeishu msg_type routing", () => {
         file: {
           create: fileCreateMock,
         },
+        image: {
+          get: imageGetMock,
+        },
         message: {
           create: messageCreateMock,
           reply: messageReplyMock,
         },
+        messageResource: {
+          get: messageResourceGetMock,
+        },
       },
     });
 
@@ -82,6 +93,9 @@ describe("sendMediaFeishu msg_type routing", () => {
       kind: "audio",
       contentType: "audio/ogg",
     });
+
+    imageGetMock.mockResolvedValue(Buffer.from("image-bytes"));
+    messageResourceGetMock.mockResolvedValue(Buffer.from("resource-bytes"));
   });
 
   it("uses msg_type=media for mp4", async () => {
@@ -184,4 +198,84 @@ describe("sendMediaFeishu msg_type routing", () => {
     expect(messageCreateMock).not.toHaveBeenCalled();
     expect(messageReplyMock).not.toHaveBeenCalled();
   });
+
+  it("uses isolated temp paths for image downloads", async () => {
+    const imageKey = "img_v3_01abc123";
+    let capturedPath: string | undefined;
+
+    imageGetMock.mockResolvedValueOnce({
+      writeFile: async (tmpPath: string) => {
+        capturedPath = tmpPath;
+        await fs.writeFile(tmpPath, Buffer.from("image-data"));
+      },
+    });
+
+    const result = await downloadImageFeishu({
+      cfg: {} as any,
+      imageKey,
+    });
+
+    expect(result.buffer).toEqual(Buffer.from("image-data"));
+    expect(capturedPath).toBeDefined();
+    expect(capturedPath).not.toContain(imageKey);
+    expect(capturedPath).not.toContain("..");
+
+    const tmpRoot = path.resolve(os.tmpdir());
+    const resolved = path.resolve(capturedPath as string);
+    const rel = path.relative(tmpRoot, resolved);
+    expect(rel === ".." || rel.startsWith(`..${path.sep}`)).toBe(false);
+  });
+
+  it("uses isolated temp paths for message resource downloads", async () => {
+    const fileKey = "file_v3_01abc123";
+    let capturedPath: string | undefined;
+
+    messageResourceGetMock.mockResolvedValueOnce({
+      writeFile: async (tmpPath: string) => {
+        capturedPath = tmpPath;
+        await fs.writeFile(tmpPath, Buffer.from("resource-data"));
+      },
+    });
+
+    const result = await downloadMessageResourceFeishu({
+      cfg: {} as any,
+      messageId: "om_123",
+      fileKey,
+      type: "image",
+    });
+
+    expect(result.buffer).toEqual(Buffer.from("resource-data"));
+    expect(capturedPath).toBeDefined();
+    expect(capturedPath).not.toContain(fileKey);
+    expect(capturedPath).not.toContain("..");
+
+    const tmpRoot = path.resolve(os.tmpdir());
+    const resolved = path.resolve(capturedPath as string);
+    const rel = path.relative(tmpRoot, resolved);
+    expect(rel === ".." || rel.startsWith(`..${path.sep}`)).toBe(false);
+  });
+
+  it("rejects invalid image keys before calling feishu api", async () => {
+    await expect(
+      downloadImageFeishu({
+        cfg: {} as any,
+        imageKey: "a/../../bad",
+      }),
+    ).rejects.toThrow("invalid image_key");
+
+    expect(imageGetMock).not.toHaveBeenCalled();
+  });
+
+  it("rejects invalid file keys before calling feishu api", async () => {
+    await expect(
+      downloadMessageResourceFeishu({
+        cfg: {} as any,
+        messageId: "om_123",
+        fileKey: "x/../../bad",
+        type: "file",
+      }),
+    ).rejects.toThrow("invalid file_key");
+
+    expect(messageResourceGetMock).not.toHaveBeenCalled();
+  });
 });

package/src/media.ts

@@ -1,10 +1,10 @@
 import fs from "fs";
-import os from "os";
 import path from "path";
 import { Readable } from "stream";
-import type { ClawdbotConfig } from "openclaw/plugin-sdk";
+import { withTempDownloadPath, type ClawdbotConfig } from "openclaw/plugin-sdk";
 import { resolveFeishuAccount } from "./accounts.js";
 import { createFeishuClient } from "./client.js";
+import { normalizeFeishuExternalKey } from "./external-keys.js";
 import { getFeishuRuntime } from "./runtime.js";
 import { assertFeishuMessageApiSuccess, toFeishuSendResult } from "./send-result.js";
 import { resolveReceiveIdType, normalizeFeishuTarget } from "./targets.js";
@@ -22,7 +22,7 @@ export type DownloadMessageResourceResult = {
 
 async function readFeishuResponseBuffer(params: {
   response: unknown;
-  tmpPath: string;
+  tmpDirPrefix: string;
   errorPrefix: string;
 }): Promise<Buffer> {
   const { response } = params;
@@ -53,10 +53,10 @@ async function readFeishuResponseBuffer(params: {
     return Buffer.concat(chunks);
   }
   if (typeof responseAny.writeFile === "function") {
-    await responseAny.writeFile(params.tmpPath);
-    const buffer = await fs.promises.readFile(params.tmpPath);
-    await fs.promises.unlink(params.tmpPath).catch(() => {});
-    return buffer;
+    return await withTempDownloadPath({ prefix: params.tmpDirPrefix }, async (tmpPath) => {
+      await responseAny.writeFile(tmpPath);
+      return await fs.promises.readFile(tmpPath);
+    });
   }
   if (typeof responseAny[Symbol.asyncIterator] === "function") {
     const chunks: Buffer[] = [];
@@ -88,6 +88,10 @@ export async function downloadImageFeishu(params: {
   accountId?: string;
 }): Promise<DownloadImageResult> {
   const { cfg, imageKey, accountId } = params;
+  const normalizedImageKey = normalizeFeishuExternalKey(imageKey);
+  if (!normalizedImageKey) {
+    throw new Error("Feishu image download failed: invalid image_key");
+  }
   const account = resolveFeishuAccount({ cfg, accountId });
   if (!account.configured) {
     throw new Error(`Feishu account "${account.accountId}" not configured`);
@@ -96,13 +100,12 @@ export async function downloadImageFeishu(params: {
   const client = createFeishuClient(account);
 
   const response = await client.im.image.get({
-    path: { image_key: imageKey },
+    path: { image_key: normalizedImageKey },
   });
 
-  const tmpPath = path.join(os.tmpdir(), `feishu_img_${Date.now()}_${imageKey}`);
   const buffer = await readFeishuResponseBuffer({
     response,
-    tmpPath,
+    tmpDirPrefix: "openclaw-feishu-img-",
     errorPrefix: "Feishu image download failed",
   });
   return { buffer };
@@ -120,6 +123,10 @@ export async function downloadMessageResourceFeishu(params: {
   accountId?: string;
 }): Promise<DownloadMessageResourceResult> {
   const { cfg, messageId, fileKey, type, accountId } = params;
+  const normalizedFileKey = normalizeFeishuExternalKey(fileKey);
+  if (!normalizedFileKey) {
+    throw new Error("Feishu message resource download failed: invalid file_key");
+  }
   const account = resolveFeishuAccount({ cfg, accountId });
   if (!account.configured) {
     throw new Error(`Feishu account "${account.accountId}" not configured`);
@@ -128,14 +135,13 @@ export async function downloadMessageResourceFeishu(params: {
   const client = createFeishuClient(account);
 
   const response = await client.im.messageResource.get({
-    path: { message_id: messageId, file_key: fileKey },
+    path: { message_id: messageId, file_key: normalizedFileKey },
     params: { type },
   });
 
-  const tmpPath = path.join(os.tmpdir(), `feishu_${Date.now()}_${fileKey}`);
   const buffer = await readFeishuResponseBuffer({
     response,
-    tmpPath,
+    tmpDirPrefix: "openclaw-feishu-resource-",
     errorPrefix: "Feishu message resource download failed",
   });
   return { buffer };

package/src/mention.ts

@@ -1,5 +1,12 @@
 import type { FeishuMessageEvent } from "./bot.js";
 
+/**
+ * Escape regex metacharacters so user-controlled mention fields are treated literally.
+ */
+export function escapeRegExp(input: string): string {
+  return input.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}
+
 /**
  * Mention target user info
  */
@@ -67,7 +74,7 @@ export function extractMessageBody(text: string, allMentionKeys: string[]): stri
 
   // Remove all @ placeholders
   for (const key of allMentionKeys) {
-    result = result.replace(new RegExp(key.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"), "g"), "");
+    result = result.replace(new RegExp(escapeRegExp(key), "g"), "");
   }
 
   return result.replace(/\s+/g, " ").trim();

package/src/monitor.ts

@@ -25,6 +25,52 @@ const httpServers = new Map<string, http.Server>();
 const botOpenIds = new Map<string, string>();
 const FEISHU_WEBHOOK_MAX_BODY_BYTES = 1024 * 1024;
 const FEISHU_WEBHOOK_BODY_TIMEOUT_MS = 30_000;
+const FEISHU_WEBHOOK_RATE_LIMIT_WINDOW_MS = 60_000;
+const FEISHU_WEBHOOK_RATE_LIMIT_MAX_REQUESTS = 120;
+const FEISHU_WEBHOOK_COUNTER_LOG_EVERY = 25;
+const feishuWebhookRateLimits = new Map<string, { count: number; windowStartMs: number }>();
+const feishuWebhookStatusCounters = new Map<string, number>();
+
+function isJsonContentType(value: string | string[] | undefined): boolean {
+  const first = Array.isArray(value) ? value[0] : value;
+  if (!first) {
+    return false;
+  }
+  const mediaType = first.split(";", 1)[0]?.trim().toLowerCase();
+  return mediaType === "application/json" || Boolean(mediaType?.endsWith("+json"));
+}
+
+function isWebhookRateLimited(key: string, nowMs: number): boolean {
+  const state = feishuWebhookRateLimits.get(key);
+  if (!state || nowMs - state.windowStartMs >= FEISHU_WEBHOOK_RATE_LIMIT_WINDOW_MS) {
+    feishuWebhookRateLimits.set(key, { count: 1, windowStartMs: nowMs });
+    return false;
+  }
+
+  state.count += 1;
+  if (state.count > FEISHU_WEBHOOK_RATE_LIMIT_MAX_REQUESTS) {
+    return true;
+  }
+  return false;
+}
+
+function recordWebhookStatus(
+  runtime: RuntimeEnv | undefined,
+  accountId: string,
+  path: string,
+  statusCode: number,
+): void {
+  if (![400, 401, 408, 413, 415, 429].includes(statusCode)) {
+    return;
+  }
+  const key = `${accountId}:${path}:${statusCode}`;
+  const next = (feishuWebhookStatusCounters.get(key) ?? 0) + 1;
+  feishuWebhookStatusCounters.set(key, next);
+  if (next === 1 || next % FEISHU_WEBHOOK_COUNTER_LOG_EVERY === 0) {
+    const log = runtime?.log ?? console.log;
+    log(`feishu[${accountId}]: webhook anomaly path=${path} status=${statusCode} count=${next}`);
+  }
+}
 
 async function fetchBotOpenId(account: ResolvedFeishuAccount): Promise<string | undefined> {
   try {
@@ -120,6 +166,9 @@ async function monitorSingleAccount(params: MonitorAccountParams): Promise<void>
   log(`feishu[${accountId}]: bot open_id resolved: ${botOpenId ?? "unknown"}`);
 
   const connectionMode = account.config.connectionMode ?? "websocket";
+  if (connectionMode === "webhook" && !account.verificationToken?.trim()) {
+    throw new Error(`Feishu account "${accountId}" webhook mode requires verificationToken`);
+  }
   const eventDispatcher = createEventDispatcher(account);
   const chatHistories = new Map<string, HistoryEntry[]>();
 
@@ -200,12 +249,30 @@ async function monitorWebhook({
 
   const port = account.config.webhookPort ?? 3000;
   const path = account.config.webhookPath ?? "/feishu/events";
+  const host = account.config.webhookHost ?? "127.0.0.1";
 
-  log(`feishu[${accountId}]: starting Webhook server on port ${port}, path ${path}...`);
+  log(`feishu[${accountId}]: starting Webhook server on ${host}:${port}, path ${path}...`);
 
   const server = http.createServer();
   const webhookHandler = Lark.adaptDefault(path, eventDispatcher, { autoChallenge: true });
   server.on("request", (req, res) => {
+    res.on("finish", () => {
+      recordWebhookStatus(runtime, accountId, path, res.statusCode);
+    });
+
+    const rateLimitKey = `${accountId}:${path}:${req.socket.remoteAddress ?? "unknown"}`;
+    if (isWebhookRateLimited(rateLimitKey, Date.now())) {
+      res.statusCode = 429;
+      res.end("Too Many Requests");
+      return;
+    }
+
+    if (req.method === "POST" && !isJsonContentType(req.headers["content-type"])) {
+      res.statusCode = 415;
+      res.end("Unsupported Media Type");
+      return;
+    }
+
     const guard = installRequestBodyLimitGuard(req, res, {
       maxBytes: FEISHU_WEBHOOK_MAX_BODY_BYTES,
       timeoutMs: FEISHU_WEBHOOK_BODY_TIMEOUT_MS,
@@ -247,8 +314,8 @@ async function monitorWebhook({
 
     abortSignal?.addEventListener("abort", handleAbort, { once: true });
 
-    server.listen(port, () => {
-      log(`feishu[${accountId}]: Webhook server listening on port ${port}`);
+    server.listen(port, host, () => {
+      log(`feishu[${accountId}]: Webhook server listening on ${host}:${port}`);
     });
 
     server.on("error", (err) => {

package/src/monitor.webhook-security.test.ts

@@ -0,0 +1,174 @@
+import { createServer } from "node:http";
+import type { AddressInfo } from "node:net";
+import type { ClawdbotConfig } from "openclaw/plugin-sdk";
+import { afterEach, describe, expect, it, vi } from "vitest";
+
+const probeFeishuMock = vi.hoisted(() => vi.fn());
+
+vi.mock("@larksuiteoapi/node-sdk", () => ({
+  adaptDefault: vi.fn(
+    () => (_req: unknown, res: { statusCode?: number; end: (s: string) => void }) => {
+      res.statusCode = 200;
+      res.end("ok");
+    },
+  ),
+}));
+
+vi.mock("./probe.js", () => ({
+  probeFeishu: probeFeishuMock,
+}));
+
+vi.mock("./client.js", () => ({
+  createFeishuWSClient: vi.fn(() => ({ start: vi.fn() })),
+  createEventDispatcher: vi.fn(() => ({ register: vi.fn() })),
+}));
+
+import { monitorFeishuProvider, stopFeishuMonitor } from "./monitor.js";
+
+async function getFreePort(): Promise<number> {
+  const server = createServer();
+  await new Promise<void>((resolve) => server.listen(0, "127.0.0.1", () => resolve()));
+  const address = server.address() as AddressInfo | null;
+  if (!address) {
+    throw new Error("missing server address");
+  }
+  await new Promise<void>((resolve) => server.close(() => resolve()));
+  return address.port;
+}
+
+async function waitUntilServerReady(url: string): Promise<void> {
+  for (let i = 0; i < 50; i += 1) {
+    try {
+      const response = await fetch(url, { method: "GET" });
+      if (response.status >= 200 && response.status < 500) {
+        return;
+      }
+    } catch {
+      // retry
+    }
+    await new Promise((resolve) => setTimeout(resolve, 20));
+  }
+  throw new Error(`server did not start: ${url}`);
+}
+
+function buildConfig(params: {
+  accountId: string;
+  path: string;
+  port: number;
+  verificationToken?: string;
+}): ClawdbotConfig {
+  return {
+    channels: {
+      feishu: {
+        enabled: true,
+        accounts: {
+          [params.accountId]: {
+            enabled: true,
+            appId: "cli_test",
+            appSecret: "secret_test",
+            connectionMode: "webhook",
+            webhookHost: "127.0.0.1",
+            webhookPort: params.port,
+            webhookPath: params.path,
+            verificationToken: params.verificationToken,
+          },
+        },
+      },
+    },
+  } as ClawdbotConfig;
+}
+
+afterEach(() => {
+  stopFeishuMonitor();
+});
+
+describe("Feishu webhook security hardening", () => {
+  it("rejects webhook mode without verificationToken", async () => {
+    probeFeishuMock.mockResolvedValue({ ok: true, botOpenId: "bot_open_id" });
+
+    const cfg = buildConfig({
+      accountId: "missing-token",
+      path: "/hook-missing-token",
+      port: await getFreePort(),
+    });
+
+    await expect(monitorFeishuProvider({ config: cfg })).rejects.toThrow(
+      /requires verificationToken/i,
+    );
+  });
+
+  it("returns 415 for POST requests without json content type", async () => {
+    probeFeishuMock.mockResolvedValue({ ok: true, botOpenId: "bot_open_id" });
+    const port = await getFreePort();
+    const path = "/hook-content-type";
+    const cfg = buildConfig({
+      accountId: "content-type",
+      path,
+      port,
+      verificationToken: "verify_token",
+    });
+
+    const abortController = new AbortController();
+    const runtime = { log: vi.fn(), error: vi.fn(), exit: vi.fn() };
+    const monitorPromise = monitorFeishuProvider({
+      config: cfg,
+      runtime,
+      abortSignal: abortController.signal,
+    });
+
+    await waitUntilServerReady(`http://127.0.0.1:${port}${path}`);
+
+    const response = await fetch(`http://127.0.0.1:${port}${path}`, {
+      method: "POST",
+      headers: { "content-type": "text/plain" },
+      body: "{}",
+    });
+
+    expect(response.status).toBe(415);
+    expect(await response.text()).toBe("Unsupported Media Type");
+
+    abortController.abort();
+    await monitorPromise;
+  });
+
+  it("rate limits webhook burst traffic with 429", async () => {
+    probeFeishuMock.mockResolvedValue({ ok: true, botOpenId: "bot_open_id" });
+    const port = await getFreePort();
+    const path = "/hook-rate-limit";
+    const cfg = buildConfig({
+      accountId: "rate-limit",
+      path,
+      port,
+      verificationToken: "verify_token",
+    });
+
+    const abortController = new AbortController();
+    const runtime = { log: vi.fn(), error: vi.fn(), exit: vi.fn() };
+    const monitorPromise = monitorFeishuProvider({
+      config: cfg,
+      runtime,
+      abortSignal: abortController.signal,
+    });
+
+    await waitUntilServerReady(`http://127.0.0.1:${port}${path}`);
+
+    let saw429 = false;
+    for (let i = 0; i < 130; i += 1) {
+      const response = await fetch(`http://127.0.0.1:${port}${path}`, {
+        method: "POST",
+        headers: { "content-type": "text/plain" },
+        body: "{}",
+      });
+      if (response.status === 429) {
+        saw429 = true;
+        expect(await response.text()).toBe("Too Many Requests");
+        break;
+      }
+    }
+
+    expect(saw429).toBe(true);
+
+    abortController.abort();
+    await monitorPromise;
+  });
+});