Feishu Messaging

This skill appears to be a plain instruction guide for using the Feishu (Lark) SDK, but there are mismatches you should consider before installing or using it: - Credentials: The examples require an app_id and app_secret and bot scopes (im:message:send_as_bot, etc.), but the skill metadata declares no required credentials. That means the skill may expect you to supply secrets at runtime — only provide these for a dedicated, limited-permission Feishu app and rotate them after testing. - File access and data exfiltration: Example code opens local files and uploads them to Feishu. If you run this skill (or allow an agent to run it), ensure it won’t automatically access sensitive files. Limit the agent’s working directory and verify what will be uploaded. - Source and provenance: The skill has no homepage and unknown source. Prefer official or well-documented Feishu integrations. Ask the publisher for the origin, intended deployment model, and whether this is just documentation rather than executable instructions. - Least privilege: If you proceed, create an app with the minimum required scopes, do not reuse high-privilege org credentials, and audit activity logs in Feishu for unexpected messages/uploads. - Validation: Because the skill is instruction-only, review the actual commands the agent will run. Consider running examples in an isolated environment first. If you need help assessing what exact permissions to grant or how to sandbox the skill, provide how you plan to invoke it (interactive vs autonomous agent) and I can give concrete hardening steps.