feishu-binding
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses a standard OAuth2 device authorization flow for account binding. It instructs the agent to initiate the flow, present a verification link or QR code to the user, and poll for a completion status once the user confirms. All operations are performed through the built-in
feishutool. - [SAFE]: No external downloads, remote code execution, or credential exposures were detected. The domains mentioned (
feishu.cn,larksuite.com) are the official sites for the services described. - [SAFE]: The skill follows least-privilege principles by requiring user confirmation before destructive actions like
disconnectand avoiding automatic polling.
Audit Metadata