扫描报告
5 /100
Feishu Audio Message
Send voice/audio messages to Feishu (Lark) users via Open API
Feishu audio/video messaging skill with fully documented functionality, legitimate API integration, and no malicious indicators.
可以安装
This skill is safe to use. No security concerns identified.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | READ | READ | ✓ 一致 | fs.readFileSync() used for local audio/video files only |
| 网络访问 | READ | WRITE | ✓ 一致 | Sends messages to Feishu API endpoints - necessary for messaging feature |
| 命令执行 | NONE | WRITE | ✓ 一致 | execFileSync for ffmpeg/ffprobe; documented in SKILL.md as requirement |
| 环境变量 | READ | READ | ✓ 一致 | Reads FEISHU_APP_ID, FEISHU_APP_SECRET - documented and necessary |
5 项发现
中危 外部 URL 外部 URL
https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal SKILL.md:70 中危 外部 URL 外部 URL
https://open.feishu.cn/open-apis/im/v1/files SKILL.md:75 中危 外部 URL 外部 URL
https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=open_id SKILL.md:86 中危 外部 URL 外部 URL
https://open.feishu.cn/open-apis/im/v1/images scripts/send-video.mjs:191 中危 外部 URL 外部 URL
https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=$ scripts/send-video.mjs:264 目录结构
5 文件 · 26.8 KB · 969 行 JavaScript 2f · 556L
Markdown 2f · 358L
Shell 1f · 55L
├─
▾
scripts
│ ├─
convert-audio.sh
Shell
│ ├─
send-video.mjs
JavaScript
│ └─
send-voice.mjs
JavaScript
├─
README.md
Markdown
└─
SKILL.md
Markdown
安全亮点
✓ All functionality explicitly documented in SKILL.md
✓ Network requests only to official Feishu API (open.feishu.cn)
✓ Shell execution uses controlled commands (ffmpeg/ffprobe) with fixed arguments
✓ Credentials used only for Feishu authentication, not exfiltrated
✓ No access to sensitive filesystem paths (~/.ssh, ~/.aws, .env)
✓ No obfuscation techniques (base64, eval, atob) detected
✓ Temp files created in os.tmpdir() with proper cleanup
✓ No data exfiltration beyond legitimate API calls