feishu-integration
Fail
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: HIGH (CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [CREDENTIALS_UNSAFE]: Multiple automation scripts contain hardcoded sensitive Feishu application credentials.
  - Evidence: The APP_ID and APP_SECRET (e.g., '4OazKFCmZTT4cjlwK0ecAhr3eAaJ7dhH') are hardcoded in 12 files within the scripts/ directory, including add_admin_to_bitable.py and create_feishu_app.py.
  - Evidence: Hardcoded specific user IDs (ou_...) and application tokens (OJYHb0j3ba2...) are present in the script logic.
- [COMMAND_EXECUTION]: Documentation provides shell commands for environment setup and execution of the included Python scripts.
  - Evidence: SKILL.md contains bash commands for installing dependencies via pip and running the integration scripts.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of external Python libraries from public registries.
  - Evidence: SKILL.md and script comments specify dependencies on requests, lark-oapi, and matplotlib.
Recommendations
- AI detected serious security threats
Audit Metadata