feishu-broadcast

The skill mostly does what it claims (broadcast to all Feishu users) but its metadata and instructions omit required credentials and it reads/writes env/config files outside its own folder and invokes other skills via shell, which is disproportionate and risky.

This skill's code largely matches its advertised function (sending posts and images to all Feishu users), but it has several practical and security mismatches you should consider before installing or running it: - Credentials missing from metadata: The package and SKILL.md do not declare that FEISHU_APP_ID and FEISHU_APP_SECRET are required, but the code will fail without them. Treat those as required secrets for this skill. - Reads/writes outside its folder: The code searches for .env files in parent directories and writes a token cache at a relative ../../../memory/feishu_token.json. That can expose unrelated secrets or clobber other tooling. If you run this, place it in an isolated working directory or inspect/adjust the paths. - Shell execution & injection risk: index.js calls other skill scripts via child_process.exec with interpolated string arguments (e.g., --title). If titles or other inputs come from untrusted sources they could enable shell injection. Prefer execFile/spawn with an args array or ensure inputs are escaped. - Cross-skill dependency: The script invokes skills/feishu-post/send.js and skills/feishu-sticker/send.js; verify those scripts exist and review their code before running, since they will be executed for every recipient. - Broadcast risk: This tool will message every user in the tenant — test with dry-run mode and a small subset before any full run to avoid accidental mass messages. Recommendations: 1) Do not run this in a production tenant until you review and confirm the other skills (feishu-post, feishu-sticker). 2) Provide FEISHU_APP_ID/FEISHU_APP_SECRET via a controlled .env placed in the skill directory (avoid relying on ancestor .env files) or set them in a secure environment store. 3) Change temporary command invocation to use spawn/execFile with argument arrays or properly escape/validate --title/--image inputs. 4) Consider updating the skill metadata and SKILL.md to list required env vars and the token cache path. 5) Run in an isolated environment (container) to limit filesystem exposure. Given the omissions and the filesystem/exec behavior, the skill is suspicious but not clearly malicious; inspect and harden it before use.