feishu-video-sender

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFE | COMMAND_EXECUTION | CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The script uses subprocess.run to call the ffmpeg binary for generating video covers. The command is constructed as a list, which is a standard security practice to prevent shell injection vulnerabilities.
  • [CREDENTIALS_UNSAFE]: The skill correctly handles Feishu API credentials (APP_ID and APP_SECRET) by loading them from environment variables or a specific environment file (~/.openclaw/.env). This avoids hardcoding sensitive information within the source code.
  • [SAFE]: The skill communicates with the official Feishu Open API endpoints (open.feishu.cn) to perform its documented functions, such as acquiring access tokens and uploading media, with no evidence of unauthorized data exfiltration.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 18, 2026, 01:11 AM