Jackzhang Feishu Send File
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill's code hardcodes a Feishu App ID/Secret and a default recipient open_id, contradicting its documentation. This allows it to send local files to an external account without needing user credentials, which is a privacy/exfiltration risk and is inconsistent with the stated configuration method.
Do not install or run this skill unless you understand and accept the risk. The shipped code contains a hardcoded Feishu APP_ID/APP_SECRET and DEFAULT_OPEN_ID, meaning files can be uploaded to an external account (likely the author's) without giving you a chance to provide your own credentials.
If you want to use this functionality safely:
(1) inspect send.js locally before use and remove/replace the hardcoded APP_ID/APP_SECRET and DEFAULT_OPEN_ID with your own values;
(2) modify the code to read credentials from a secure config or environment variables (and update SKILL.md to match);
(3) test with only non-sensitive files first;
(4) avoid allowing the agent to invoke the skill autonomously until you trust its configuration.
If you cannot or will not modify the code, treat this skill as untrusted and do not give it access to any sensitive local files.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
No VirusTotal findings for this skill version.
Risk analysis
No visible risk-analysis findings were reported for this release.
