feishu-cli-export
Warn
Audited by Socket on Apr 27, 2026
1 alert found:
SecuritySecuritySKILL.md
MEDIUMSecurityMEDIUM
SKILL.md
结论为 SUSPICIOUS。技能用途与导出能力大体匹配,也未见明确恶意外传端点;但它把飞书应用凭证与用户 Token 交给个人开发者发布的第三方 CLI,并依赖 raw GitHub 的 curl|bash 安装与可变版本发布,构成显著供应链与凭证转交风险。
Confidence: 85%Severity: 84%
Audit Metadata