Scan Report
This report was generated in Chinese. Some content may be in Chinese.
5 /100
Feishu Audio Message
Send voice/audio messages to Feishu (Lark) users. Converts audio files to OPUS format and sends as voice message.
飞书音视频消息发送工具,代码功能与文档完全一致,无越权操作或敏感行为。
Safe to install
该技能可安全使用,权限声明合理。
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | scripts/send-voice.mjs:115 读取用户指定的音频文件 |
| Network | WRITE | WRITE | ✓ Aligned | scripts/send-voice.mjs:126 仅向open.feishu.cn发送HTTP请求 |
| Shell | NONE | WRITE | ✓ Aligned | scripts/send-video.mjs:182 仅用于执行ffmpeg/ffprobe媒体工具 |
| Environment | READ | READ | ✓ Aligned | scripts/send-voice.mjs:52 读取FEISHU_APP_ID/FEISHU_APP_SECRET |
5 findings
Medium External URL 外部 URL
https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal SKILL.md:70 Medium External URL 外部 URL
https://open.feishu.cn/open-apis/im/v1/files SKILL.md:75 Medium External URL 外部 URL
https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=open_id SKILL.md:86 Medium External URL 外部 URL
https://open.feishu.cn/open-apis/im/v1/images scripts/send-video.mjs:191 Medium External URL 外部 URL
https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=$ scripts/send-video.mjs:264 File Tree
5 files · 26.8 KB · 969 lines JavaScript 2f · 556L
Markdown 2f · 358L
Shell 1f · 55L
├─
▾
scripts
│ ├─
convert-audio.sh
Shell
│ ├─
send-video.mjs
JavaScript
│ └─
send-voice.mjs
JavaScript
├─
README.md
Markdown
└─
SKILL.md
Markdown
Dependencies 2 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
ffmpeg | * | system | No | 外部依赖,需系统安装 |
ffprobe | * | system | No | ffmpeg附属工具 |
Security Positives
✓ 代码功能与SKILL.md文档完全一致,无阴影功能
✓ 所有网络请求仅指向飞书官方API(open.feishu.cn)
✓ 凭证仅用于获取访问令牌,不存在外传行为
✓ 音频转换脚本使用标准ffmpeg命令,无越权操作
✓ 未访问任何敏感路径(~/.ssh、~/.aws、.env等)
✓ 无Base64编码、eval调用或代码混淆
✓ 凭证通过命令行参数或环境变量传入,不硬编码