feishu-automation

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt includes concrete curl examples that embed app_id/app_secret and Authorization Bearer tokens inline (even if as placeholders), which encourages substituting real secrets directly into commands and would require the LLM to output those secret values verbatim if provided.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The package contains high-risk backdoor-like elements: hard-coded Feishu app_id/app_secret credentials (in feishu_api.py) and default-tenant behavior that will use those credentials automatically, plus helper scripts that programmatically modify the user's ~/.claude.json to install an MCP server with broad presets and scripts that upload documents and set wide sharing — together these enable unauthorized access, data access/exfiltration, and silent remote actions via the embedded credentials and config changes.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's MCP configuration will invoke npx to fetch and run the remote npm package (@larksuiteoapi/lark-mcp) at runtime (see the generated command "npx -y @larksuiteoapi/lark-mcp ..."), which downloads and executes external code that the skill depends on to provide the mcp__lark-mcp_ capabilities.