Skills
skills/aaaaqwq/claude-code-skills/feishu-automation/Gen Agent Trust Hub

feishu-automation

Fail

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: HIGHCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The file feishu_api.py contains hardcoded app_id and app_secret credentials for two distinct Feishu tenants. The 'personal' tenant exposes the ID cli_a83467f9ecba5013 and secret bX21pNOyAXHwFXWf0SVGphWQrqrgC5Gd, while the 'hanxing' tenant exposes cli_a9f758c0efa2dcc4 and 5djHWjk8t6QHRquDJXG9JiNEgPynmnIN.
  • [EXTERNAL_DOWNLOADS]: The configuration script feishu-mcp-setup.js executes the npx command to dynamically download and run the @larksuiteoapi/lark-mcp package from the public npm registry.
  • [COMMAND_EXECUTION]: The skill utilizes several shell and Python scripts (feishu-mcp-setup.sh, feishu-send.sh, scripts/md2feishu.sh) to execute system-level commands, including interacting with the Feishu API via curl and modifying the user's local .claude.json configuration file in the home directory.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 18, 2026, 07:36 AM