Feishu Sheets (Fixed)

This package implements a Feishu Sheets client and will call Feishu's APIs, but it has three red flags you should address before installing: 1) Authentication is required but not declared: the Python script reads FEISHU_APP_ID and FEISHU_APP_SECRET from environment variables to obtain a tenant_access_token. The registry metadata lists no required env vars or primary credential. Only provide those app credentials if you trust the skill owner and have isolated the credentials to an app with minimal privileges. 2) Metadata inconsistencies: _meta.json disagrees with the registry metadata (ownerId/slug/version). Confirm who published this skill and that the package you received matches the registry listing — this could be an accidental mispackaging or indicate a supply-chain issue. 3) Documentation vs code mismatches: the SKILL.md, the API reference, and the Python code differ slightly on endpoints for append/write/add-sheet. Test in a safe environment before using on production spreadsheets. Recommended actions: - Ask the publisher to update registry metadata to declare FEISHU_APP_ID and FEISHU_APP_SECRET (and a primary credential) and to fix version/owner inconsistencies. - Limit the Feishu app credentials to the minimum scopes and use a test tenant/app first. - Review the code locally (it is included) and run it in an isolated environment to verify behavior and to ensure it does not exfiltrate data to unexpected endpoints (it contacts only open.feishu.cn in the provided code). - If you cannot verify the publisher or do not want to expose app credentials, do not install or run this skill.