feishu-wiki-orchestrator
Audited by Socket on Mar 8, 2026
2 alerts found:
Obfuscated File
Anomaly
The skill concept is coherent with its stated purpose: parse Markdown and create wiki documents in Feishu Knowledge, including content insertion and validation. However, there are notable security concerns around credential exposure via environment configuration, the leakage risk from outputs that include URLs and a node token, and the lack of explicit secret-management practices. To improve security, constrain and rotate tokens, avoid logging secrets, consider binding to a least-privilege Feishu scope, and provide guidance or tooling for secure secret handling (e.g., vault integration, environment-scoped secrets). Overall, the footprint is plausible for a developer tooling scenario but remains suspicious enough to warrant mitigations before broad use.
The code fragment exposes sensitive identifiers (node_token, collaborator_id) and elevated permission flags in clear text. There is no active malicious behavior, but the risk is sufficient to warrant redaction and strict access controls to prevent credential leakage or abuse in logs or transmitted data. Recommended controls: redact or mask node_token and collaborator_id in all logs and user interfaces; enforce least-privilege on permission flags; rotate tokens regularly; store sensitive fields in protected, access-controlled secrets storage; validate and sanitize payloads before rendering or transmitting.