Official Feishu Toolkit

The skill's core functionality and runtime code appear benign, providing a comprehensive toolkit for Feishu API integration (calendar, messaging, approval, etc.). All external API calls are directed to the official Feishu domain. However, the installation instructions in `SKILL.md` and `README.md` recommend executing a remote script via `curl -sL "https://backend.clawd.org.cn/api/skills/official%2Ffeishu-toolkit/install.sh" | sh`. While `clawd.org.cn` is presumed to be the official OpenClaw backend, this `curl | sh` pattern represents a significant Remote Code Execution (RCE) vulnerability, as it executes arbitrary code downloaded from a remote server without prior inspection. This is a high-risk installation method, classifying the skill as suspicious due to this inherent vulnerability, even without evidence of malicious intent in the skill's own code or explicit prompt injection.