Scan Report
20/100
feishu-doc-block-writer
Feishu Document Block Split-Write Skill - automatically splits long content into multiple Blocks and writes them to a Feishu document
Documentation-only skill referencing non-existent implementation scripts - no actual malicious code present, but SKILL.md promises functionality that doesn't exist.
Safe to install
This skill references scripts/block-writer.py, which is not included in the package. Either add the implementation files or update SKILL.md to clarify that this is a documentation-only reference skill.
Findings 2 items
| Severity | Finding | Location |
|---|---|---|
| Low | Missing Implementation Files (Doc Mismatch) | SKILL.md:53 |
| Info | Unverified Tool Usage (Doc Mismatch) | SKILL.md:13 |
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | SKILL.md mentions script paths but no files exist |
| Network | NONE | NONE | — | No network calls in documentation or code |
| Shell | NONE | NONE | — | SKILL.md shows bash examples but no scripts exist |
| Environment | NONE | NONE | — | No environment variable access documented |
| Skill Invoke | NONE | READ | ✓ Aligned | SKILL.md: mentions feishu_doc tool usage (create/append methods) |
| Clipboard | NONE | NONE | — | No clipboard access documented |
| Browser | NONE | NONE | — | Mentions auto_open_chrome config but no actual browser automation code |
| Database | NONE | NONE | — | No database access documented |
File Tree
2 files · 7.5 KB · 368 lines
Markdown 1f · 349L
JSON 1f · 19L
├─ skill.json (JSON)
└─ SKILL.md (Markdown)
Security Positives
✓ No malicious code or scripts present in the package
✓ No credential harvesting or environment variable access
✓ No network calls or data exfiltration mechanisms
✓ No obfuscated code or base64-encoded payloads
✓ No suspicious file access patterns (no ~/.ssh, ~/.aws, .env access)
✓ No supply chain risks (no external dependencies)
✓ Clean JSON metadata with proper MIT license