weekly-report-generator-feishu-chinese

This skill will scan directories of Git repositories and build a report file, then send the report to a Feishu (Lark) API. Key things to consider before installing or using it: - Credentials and secrets: send-to-feishu.sh requires APP_ID and APP_SECRET (sensitive). The skill manifest does not declare these — verify and never store APP_SECRET in a repo or world-readable file. Use a least-privilege service account and keep secrets in a safe place (not embedded in scripts). - Repository scope and data exfiltration: the scripts scan PROJECT_ROOT for all Git repos and collect commit messages and code-change statistics. Ensure PROJECT_ROOT is set to a safe, restricted path (or test in a throwaway environment) so you don't inadvertently expose private repos or secrets. - Automatic sending and consent: SKILL.md instructs automatic sending to Feishu without asking the user. If you want manual control, modify the workflow to require explicit user confirmation before calling send-to-feishu.sh. - Persistent scheduling: the docs show creating a launchd task. If you do not want automatic periodic scans, do not install or load the scheduled job. Review any plist before loading. - Audit the scripts: review send-to-feishu.sh and auto-weekly-report.sh yourself — they are short but perform network calls (curl, urllib) and file system traversal. Confirm the exact data sent (send-to-feishu.sh truncates to 3000 chars) and adjust as needed. - Safer alternatives: run the scripts manually in an isolated environment, point PROJECT_ROOT to a single repo, and configure Feishu credentials via secure env vars rather than editing the script. Consider requiring explicit user approval in the SKILL.md before any network call. If you trust the author and will restrict paths and secrets appropriately, the functionality is coherent; otherwise treat this skill as risky and prefer manual review/testing first.