Web To Feishu

This skill appears to do what it says, but take these precautions before installing or using it: - Only set FEISHU_APP_ID/FEISHU_APP_SECRET and IMA_CLIENT_ID/IMA_API_KEY for accounts you control; treat these like passwords and rotate if exposed. - The Twitter path requires an external repository (x-tweet-fetcher). Manually review that repository (its origin, code, network calls) before cloning and running it—it will be executed via subprocess and has access to network and file I/O. - Verify the third‑party Python package names: the SKILL.md mentions markitdown-plus but code imports markitdown; confirm which package you need and audit it before pip install. - Run the clients in a sandbox or non-production account the first time to verify behavior and endpoints (Feishu and IMA endpoints are in the docs, but double-check URLs and returned responses). - Be cautious when converting local files containing sensitive data: the tool will read and send content to external services (Feishu/IMA) if you choose to save there. - If you need higher assurance, request the upstream repository/homepage for x-tweet-fetcher and markitdown, and ensure the skill's references match the actual packages and locations. If anything in the external fetcher or markitdown package looks suspicious, do not run it with your credentials.