feishu-cli-approval
Warn
Audited by Socket on Jun 29, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS: the skill’s capabilities match its Feishu approval purpose, but it relies on an unofficial third-party CLI from a personal GitHub repo, installed via curl|bash, and forwards sensitive User Token/app credentials into that tool. This is not confirmed malware, yet the install-trust and credential-forwarding footprint is higher than ideal for an approval skill.
Confidence: 87%Severity: 62%
Audit Metadata