bitable-formula-generator

Before installing or running this skill: - Recognize the main mismatch: the SKILL.md and the included script require FEISHU_APP_ID and FEISHU_APP_SECRET (sensitive credentials) but the registry metadata does not declare them. Ask the publisher to update metadata to list required env vars. - The skill will call open.feishu.cn and can create/update formula fields in your bitable app_token. That is expected given its purpose, but it means it can change remote data—back up important formulas/tables or test on a non-production app first. - Provide least-privileged credentials: create a dedicated Feishu app with minimal scopes and use its FEISHU_APP_ID / FEISHU_APP_SECRET, not your organization-wide admin credentials. - Inspect the included script yourself (scripts/feishu-bitable-api.js) — it is readable and only communicates with open.feishu.cn, but you should confirm there are no unexpected endpoints or credential exfiltration. The script obtains tenant_access_token and uses it for API calls; it does not persist tokens to disk. - Run the script in an isolated environment (container/VM) if you are unsure, and avoid running it on machines that hold other cloud credentials. - Consider asking the author to: (1) declare required env vars in registry metadata; (2) document required OAuth scopes/permissions; and (3) add explicit confirmation steps before modifying fields to reduce the risk of accidental overwrites. If the author cannot justify the metadata omission or provide clearer scope/permission information, treat the package with caution and prefer manual formula generation or a vetted alternative.