Skill Trust Decision
feishu-mcp
SKILL.md exposes hardcoded credentials (appID and appSecret) for a Feishu application in plaintext, representing critical credential leakage.
Most direct threat evidence
Critical
Hardcoded Application Secret Exposed The appSecret 'BiL8CymBwxiA998MXxvUKbN23RhPsxAg' is hardcoded in plaintext within SKILL.md. If these are real credentials, they can be harvested and used to access the associated Feishu application with document permissions.
SKILL.md:23 Why this conclusion was reached
2/4 dimensions flagged Block
Declared vs actual capability
1 undeclared or violating capabilities were inferred.
Review
Hidden execution and egress
2 lower-risk artifacts were extracted and still need context.
Block
Attack chain and severe findings
The report includes 3 attack-chain steps and 2 severe findings.
Review
Dependencies and supply chain hygiene
Dependency information is incomplete, so supply-chain confidence stays limited.
Attack Chain
01
Hardcoded credentials exposed in SKILL.md
Impact · SKILL.md:22
02
Attacker harvests appID and appSecret from documentation
exploitation · SKILL.md:23
03
Attacker uses credentials to access Feishu MCP API with document permissions
Impact · SKILL.md:21
What drove the risk score up
Hardcoded credentials in documentation +50
appSecret 'BiL8CymBwxiA998MXxvUKbN23RhPsxAg' exposed in plaintext at line 23
Additional credential exposure +20
appID 'cli_a926728f3e38dcba' also exposed in plaintext
No declared security controls +5
SKILL.md provides no guidance on credential protection
Most important evidence
Critical
Hardcoded Application Secret Exposed
The appSecret 'BiL8CymBwxiA998MXxvUKbN23RhPsxAg' is hardcoded in plaintext within SKILL.md. If these are real credentials, they can be harvested and used to access the associated Feishu application with document permissions.
SKILL.md:23 Remove all credentials from documentation. Use environment variables or secure secret management. If these are production credentials, rotate them immediately.
Critical
Hardcoded Application ID Exposed
The appID 'cli_a926728f3e38dcba' is exposed in plaintext documentation.
SKILL.md:22 Remove appID from documentation or use placeholder values.
Medium
External Network Endpoint Referenced
The skill references an external ByteDance/Feishu endpoint for MCP operations.
SKILL.md:21 Verify this is the legitimate Feishu MCP endpoint. Consider pinning to a specific version.
Declared capability vs actual capability
Network Pass
Declared READ
→ Inferred READ
SKILL.md line 21: https://feishu-openai-mcp-proxy.bytedance.net/mcp credential Block
Declared NONE
→ Inferred ADMIN
SKILL.md lines 22-23: hardcoded appID and appSecret Suspicious artifacts and egress
Medium External URL
https://feishu-openai-mcp-proxy.bytedance.net/mcp SKILL.md:21
Medium External URL
https://xxx.feishu.cn/docx/ABC123def SKILL.md:121
Dependencies and supply chain
There are no structured dependency warnings.
File composition
1 files · 126 lines
Markdown 1 files · 126 lines
Files of concern · 1
SKILL.md Hardcoded Application Secret Exposed · Hardcoded Application ID Exposed · External Network Endpoint Referenced · https://feishu-openai-mcp-proxy.bytedance.net/mcp · https://xxx.feishu.cn/docx/ABC123def
Security positives
No executable code present - only documentation
No suspicious patterns like base64, eval, or obfuscation
No filesystem, shell, or environment variable access declared
No data exfiltration mechanisms detected beyond credential exposure