Scan Report
5 /100
mermaid-to-feishu
Canvas/Browser rendering of Mermaid diagrams to PNG images for Feishu messaging
This is a documentation-only skill for rendering Mermaid diagrams to Feishu images. No malicious code or scripts are present; only SKILL.md exists describing the intended behavior.
Safe to install
This skill is safe to use. The documentation is clear and describes legitimate browser-based Mermaid rendering with Feishu API integration.
Findings 1 items
| Severity | Finding | Location |
|---|---|---|
| Info | Documentation references non-existent scripts Doc Mismatch | SKILL.md:1 |
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No file operations in documentation |
| Network | READ | READ | ✓ Aligned | Mermaid CDN and Feishu API only |
| Shell | NONE | NONE | — | No subprocess usage |
| Browser | READ | READ | ✓ Aligned | Browser navigate + snapshot documented |
3 findings
Medium External URL 外部 URL
https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal SKILL.md:238 Medium External URL 外部 URL
https://open.feishu.cn/open-apis/im/v1/images SKILL.md:263 Medium External URL 外部 URL
https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=open_id SKILL.md:276 File Tree
2 files · 11.2 KB · 474 lines Markdown 1f · 459L
JSON 1f · 15L
├─
skill.json
JSON
└─
SKILL.md
Markdown
Security Positives
✓ No actual malicious code present - only documentation
✓ Network requests limited to legitimate CDNs (jsdelivr.net) and official Feishu API
✓ No credential harvesting or exfiltration behavior
✓ Clear documentation of intended browser-based rendering workflow
✓ No base64-encoded commands or obfuscation
✓ No remote script execution patterns (curl|bash, wget|sh)