feishu-cli-import

Fail

Audited by Snyk on May 18, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The skill documentation contains an explicit, mandatory post-creation workflow that grants full_access and transfers ownership of newly created documents to a specified external email (user@example.com), which is a clear deliberate backdoor/data-exfiltration pattern and enables unauthorized access/ownership takeover (additionally, automatic injection of offline_access during auth raises token persistence concerns).

Issues (1)

E006
CRITICAL

Malicious code pattern detected in skill scripts.

Audit Metadata
Risk Level
CRITICAL
Analyzed
May 18, 2026, 01:48 PM
Issues
1
Security Audit — snyk — feishu-cli-import