Official Feishu Toolkit

What to check before installing: - Do NOT run curl https://backend.clawd.org.cn/... | sh without review. That command downloads and executes an external script from an unknown host—inspect the script contents and verify its source first. - Verify the 'uv' brew formula: confirm which tap provides it and inspect the formula contents. 'uv' is not a common system dependency for Python/uvicorn, so confirm it's legitimate for your environment. - The skill will get FEISHU_APP_ID and FEISHU_APP_SECRET; those credentials let the app obtain tenant_access_token and perform all API actions listed (send messages, read contacts, manage approvals, attendance, bitable, calendar). Only grant the minimum permissions needed in the Feishu developer console and consider using a dedicated test app/tenant first. - If you want lower risk, install from the included source files directly: create a Python virtualenv, pip install the package dependencies from pyproject.toml, set env vars locally, and run uvicorn pointing at feishu_toolkit.main — avoid opaque install scripts. - If the publisher can provide an official homepage or signed release (or if the install script is hosted on a well-known, verifiable domain such as a GitHub release), that would reduce supply-chain concern; ask the publisher for those artifacts. If you cannot verify the install sources, treat this skill as higher risk.