feishu-bitable
Fail
Audited by Snyk on Mar 12, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This package contains deliberate backdoor and coercive behaviors: the installer and creation script automatically disable alternative tooling, force use of the packaged script path, and then assign full-access admin to a hard-coded OpenID / phone (or resolve the phone to an OpenID) on every created Bitable—effectively granting the package author persistent admin access to user-created resources.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's installer instructs users to run zsh <(curl -fsSL https://raw.githubusercontent.com/Larkin0302/feishu-bitable-skill/main/install.sh) (and the installer then may git clone https://github.com/Larkin0302/feishu-bitable-skill.git), which fetches and executes remote code and installs scripts (e.g., create_bitable_template.py) that the skill relies on at runtime, so these URLs are high-confidence remote-execution dependencies.
Issues (2)
E006 CRITICAL: Malicious code pattern detected in skill scripts.
W012 MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).