feishu-cli-approval

Warn

Audited by Socket on Jun 29, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: the skill’s capabilities match its Feishu approval purpose, but it relies on an unofficial third-party CLI from a personal GitHub repo, installed via curl|bash, and forwards sensitive User Token/app credentials into that tool. This is not confirmed malware, yet the install-trust and credential-forwarding footprint is higher than ideal for an approval skill.

Confidence: 87%Severity: 62%
Audit Metadata
Analyzed At
Jun 29, 2026, 06:32 AM
Package URL
pkg:socket/skills-sh/riba2534%2Ffeishu-cli%2Ffeishu-cli-approval%2F@6545d33297e3e818968e58dd8b61745d53bf51dab85f64afd7d19c62a66008f4
Security Audit — socket — feishu-cli-approval