feishu-bitable

Security checks across malware telemetry and agentic risk

Overview

The skill's stated purpose (manage Feishu Bitable) is plausible, but the package contains multiple inconsistencies and risky patterns (missing declared credentials, cross-skill file imports, hard-coded app token, and top-level execution) that do not align cleanly with its description.

Before installing or running this skill:

1) Do not provide your FEISHU_APP_ID / FEISHU_APP_SECRET until the developer clarifies why the package metadata omitted them.
2) Inspect the 'feishu-doc/lib/auth' module (or the platform's equivalent) that this code imports — the skill expects to call getTenantAccessToken from another skill; confirm that module is legitimate and won't leak tokens.
3) Note the JS files call main() at top-level and will perform network calls (list/add records) immediately; avoid auto-running these files in production.
4) Remove or review the hard-coded appToken values — they may be a leaked credential or may cause unexpected behavior.
5) If you need this capability, ask the author to: declare required env vars in the skill metadata, remove top-level side effects (export functions only), avoid importing sibling-skill paths, and avoid hard-coded secrets.

If you cannot verify these points, test the skill in an isolated environment and do not use real credentials.

SkillSpector

By NVIDIA

SkillSpector findings are pending for this release.

VirusTotal

No VirusTotal findings