feishu-chat-monitor
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill connects to official Feishu API endpoints (open.feishu.cn) to fetch and send messages. These are well-known service domains for the intended functionality.
- [CREDENTIALS_UNSAFE]: The script correctly uses
os.getenvto retrieveFEISHU_APP_IDandFEISHU_APP_SECRETfrom the environment. No hardcoded secrets were found in the codebase. - [COMMAND_EXECUTION]: The skill does not execute arbitrary shell commands; it only runs a standard Python script for monitoring tasks.
- [DATA_EXFILTRATION]: Network operations are restricted to Feishu's official communication platform for the purpose of chat monitoring. No unauthorized data transmission to third-party or unknown domains was observed.
Audit Metadata