feishu-cli-api

Fail

Audited by Snyk on Jun 13, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt documents a flag (--user-access-token) and usage that encourage passing access tokens explicitly on the command line, which would require the agent to include secret token strings verbatim in generated commands/outputs and thus poses a high exfiltration risk.

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). This is a personal GitHub repository (unknown author) which can host unvetted code or release artifacts—potentially risky unless you verify repo activity, stars/forks, commit history, issues, and whether releases/binaries are signed or reproduced from source.

Issues (2)

W007
HIGH

Insecure credential handling detected in skill instructions.

E005
CRITICAL

Suspicious download URL detected in skill instructions.

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 13, 2026, 01:55 AM
Issues
2
Security Audit — snyk — feishu-cli-api