Scan Report
5 /100
interview-question-gen
Generate a structured Feishu interview question document from a candidate's resume, then append a comprehensive evaluation after receiving the interview transcript.
Pure documentation/macro skill with no executable code, no scripts, no dependencies, and no security-relevant behavior. All stated capabilities are appropriate for a Feishu-integrated interview workflow.
Safe to install
This skill is safe to use. No security concerns identified. If deploying, ensure the referenced feishu_bot_doc.mjs script is reviewed separately.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | SKILL.md describes reading PDF resumes and rendering them with PyMuPDF |
| Network | READ | READ | ✓ Aligned | SKILL.md fetches a Feishu product framework wiki page before generating question… |
| Skill Invoke | READ | READ | ✓ Aligned | SKILL.md instructs reading Feishu docs via feishu_doc read/append actions |
| Shell | NONE | NONE | — | No shell usage in any file. Bash command in SKILL.md references an external scri… |
| Clipboard | NONE | READ | ✓ Aligned | SKILL.md accepts pasted interview transcripts as text blocks — implied minimal c… |
| Database | NONE | NONE | — | No database access referenced or present |
| Environment | NONE | NONE | — | No environment variable access in any file |
1 findings
Medium External URL 外部 URL
https://wepie.feishu.cn/wiki/Q62TwQ3Fsi5Q8kkc0iDcINsSnno SKILL.md:28 File Tree
4 files · 11.5 KB · 270 lines Markdown 3f · 264L
JSON 1f · 6L
├─
▾
references
│ ├─
evaluation-template.md
Markdown
│ └─
question-template.md
Markdown
├─
_meta.json
JSON
└─
SKILL.md
Markdown
Security Positives
✓ No executable code present — skill is pure documentation and templates
✓ No dependencies (no requirements.txt, package.json, Cargo.toml, or similar)
✓ No credential harvesting, API key access, or environment variable enumeration
✓ No data exfiltration channels (no network POSTs, no external IP connections)
✓ No obfuscation techniques (no base64, no eval, no dynamic code generation)
✓ No suspicious IOCs (no hardcoded IPs, no DNS callbacks, no C2 indicators)
✓ All external URLs are legitimate Feishu endpoints appropriate to the workflow
✓ No sensitive file access (no ~/.ssh, ~/.aws, .env, or similar paths)
✓ No supply chain risks (no third-party packages or scripts)
✓ Documentation accurately describes the intended workflow with no hidden functionality