feishu-cli-msg

SUSPICIOUS. The skill’s behavior mostly matches its messaging purpose and data flows appear aimed at Feishu, but it relies on a non-official third-party CLI from a personal GitHub account and can autonomously send real-world communications, including urgent phone/SMS notifications. Main risk is supply-chain trust plus action-taking authority, not clear credential theft or exfiltration.