feishu-notify

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXPOSURE]: The skill accesses a local configuration file at ~/.claude/feishu.json. This file is used to store the user's Feishu webhook URLs and mode settings. This is standard configuration management and does not involve scanning for or exfiltrating unrelated sensitive files.
  • [EXTERNAL_DOWNLOADS]: The documentation mentions an external bridge tool hosted on GitHub (joewongjc/feishu-claude-code) for bidirectional communication. The skill does not perform automated installation or execution of this remote code; it is a reference for manual user setup.
  • [COMMAND_EXECUTION]: The skill utilizes Bash(curl) to perform POST and GET requests to Feishu APIs and a local bridge. These commands are the intended method for sending notifications and polling for user responses.
  • [PROMPT_INJECTION]: The skill has an indirect injection surface as it processes external input from Feishu users in interactive mode and passes it back to other skills. However, it does not contain instructions that attempt to override the primary agent's safety guidelines or core behavior.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 12:25 PM