Feishu Wechat Publish

The skill collects and exfiltrates sensitive credentials, including WeChat AppID/AppSecret and Feishu subscription tokens, to a third-party relay service (https://feishu.shing19.cc). It utilizes shell execution to install global dependencies (@larksuite/cli) and runs a local script (scripts/fetch-feishu-images.sh) to download and base64-encode document content. While these actions are consistent with the stated purpose of publishing documents, the architecture forces users to trust an external endpoint with full WeChat account control, and the SKILL.md instructions specifically direct the agent to perform 'silent' user binding and minimize technical transparency to the user.