Feishu Bitable Attachment

This skill appears to do what it says (upload files to Feishu Bitable), but take the following precautions before installing or running it: - Note the metadata mismatch: the registry did not list required environment variables, but the SKILL.md and code require FEISHU_APP_ID and FEISHU_APP_SECRET. Do not run it without providing credentials for a dedicated, least-privilege test app. - Review the code yourself (or have a trusted reviewer do so). The shipped Python scripts perform arbitrary local file reads and HTTP downloads; if an attacker or an automated process provides a path/URL, sensitive files could be uploaded unexpectedly. - Test in an isolated environment first (use a throwaway Feishu app and app_token) and upload only non-sensitive files. Verify API paths and region base URL (FEISHU_BASE_URL) match your environment — the references document and the code include slightly different endpoint names/paths (likely due to API version differences). - Avoid running this skill as an automated agent with broad filesystem permissions unless you trust all callers/inputs. Limit who can invoke it and validate inputs that control local paths or URLs. - Consider rotating credentials after verifying, and grant the Feishu app only the permissions absolutely necessary (Drive/Bitable scope only). If you want a safer checklist I can produce one (e.g., exact env var values to restrict, sample safe input payloads, or a minimal code diff to add explicit path whitelisting).