feishu-mcp
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- Remote Code Execution (CRITICAL): The skill instructs the user to run 'curl -fsSL https://raw.githubusercontent.com/AlexAnys/feishu-mcp/main/setup.sh | bash'. This executes an unverified script from an untrusted GitHub account (AlexAnys) with the privileges of the local shell, providing a direct path for malware installation or system takeover.
- External Downloads (HIGH): The skill downloads and executes code from a repository not included in the trusted source list. This violates basic security principles as the source's identity and the script's contents cannot be verified at runtime.
- Indirect Prompt Injection (HIGH): The skill has a significant attack surface for indirect prompt injection. 1. Ingestion points: The skill reads content from external documents (docx_v1_document_rawContent) and knowledge bases (wiki_v1_node_search). 2. Boundary markers: No boundary markers or 'ignore embedded instruction' warnings are present. 3. Capability inventory: The skill possesses high-privilege capabilities including document creation (create_feishu_document), block modification (batch_create_feishu_blocks), and database record creation (bitable_v1_appTableRecord_create). 4. Sanitization: No sanitization of the external content is performed. A malicious Feishu document could contain instructions that trick the agent into deleting data or exfiltrating information.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://raw.githubusercontent.com/AlexAnys/feishu-mcp/main/setup.sh - DO NOT USE
- AI detected serious security threats
Audit Metadata