md-to-feishu

Warn

Audited by Socket on Mar 19, 2026

1 alert found:

Security
SecurityMEDIUM
SKILL.md

SUSPICIOUS. The skill’s core purpose is coherent, but it routes sensitive data through third parties in two places: Feishu credentials are entrusted to the external feishu-docx CLI, and Mermaid diagram contents are sent to mermaid.ink. Install sources are partly trustworthy (official Astral installer, PyPI), but the overall data flow is not fully direct to official Feishu services.

Confidence: 85%Severity: 74%
Audit Metadata
Analyzed At
Mar 19, 2026, 10:06 AM
Package URL
pkg:socket/skills-sh/zc277584121%2Fmarketing-skills%2Fmd-to-feishu%2F@5b1108a93280959653658fb4553c3fea8d9a6b5d
Security Audit — socket — md-to-feishu