feishu-cli-api
Fail
Audited by Snyk on Jun 13, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt documents a flag (--user-access-token) and usage that encourage passing access tokens explicitly on the command line, which would require the agent to include secret token strings verbatim in generated commands/outputs and thus poses a high exfiltration risk.
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.70). This is a personal GitHub repository (unknown author) which can host unvetted code or release artifacts—potentially risky unless you verify repo activity, stars/forks, commit history, issues, and whether releases/binaries are signed or reproduced from source.
Issues (2)
W007
HIGHInsecure credential handling detected in skill instructions.
E005
CRITICALSuspicious download URL detected in skill instructions.
Audit Metadata