feishu-cli-toolkit

SUSPICIOUS. The skill's Feishu-focused capabilities are largely aligned with its stated purpose, but its core dependency is a personally published external CLI installed via raw GitHub `curl|bash` and unsigned release binaries. Because the skill also directs tokens and sensitive workspace content through that binary, the install-trust and credential-forwarding risks are disproportionate enough to classify it as suspicious rather than benign.