Trust Assessment
feishu-deep-research received a trust score of 51/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 1 high, 2 medium, and 0 low severity. Key findings include Potential hardcoded secret (high entropy), Potential Command Injection via `exec + curl` with user input, Explicit Reporting of Sensitive `tenant_access_token`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Explicit Reporting of Sensitive `tenant_access_token` The skill explicitly instructs that the `tenant_access_token` must be reported in the output after successful acquisition. This token is a highly sensitive credential that grants access to Feishu APIs. Exposing this token in the skill's output constitutes a critical data exfiltration vulnerability, as it could be intercepted or logged, allowing unauthorized access to the Feishu tenant. NEVER report sensitive credentials like `tenant_access_token` in the skill's output. This token should be treated as confidential and used only internally by the skill. If debugging requires visibility, use secure logging mechanisms that do not expose the token to the user or general logs. | LLM | SKILL.md:102 | |
| HIGH | Potential Command Injection via `exec + curl` with user input The skill explicitly mandates the use of `exec` with `curl` commands. Several `curl` commands incorporate user-provided input parameters such as `file_name` and `parent_node` (which becomes `<FOLDER_TOKEN>`). If these inputs are not rigorously sanitized before being passed to the shell, an attacker could inject arbitrary shell commands, leading to remote code execution. Implement robust input sanitization and escaping for all user-controlled variables (`topic`, `file_name`, `parent_node`, `date_range`, `search_rate`) before they are used in `exec` calls or `curl` command arguments. Consider using a library that safely constructs shell commands or avoids direct shell execution where possible. | LLM | SKILL.md:20 | |
| MEDIUM | Potential hardcoded secret (high entropy) A high-entropy string (entropy=4.66) was found in a credential-like context. Verify this is not a hardcoded secret. Use environment variables for sensitive values. | Static | skills/henryjing96/feishu-deep-research/SKILL.md:431 | |
| MEDIUM | Potential hardcoded secret (high entropy) A high-entropy string (entropy=4.66) was found in a credential-like context. Verify this is not a hardcoded secret. Use environment variables for sensitive values. | Static | skills/henryjing96/feishu-deep-research/SKILL.md:435 |
Scan History
Embed Code
[](https://skillshield.io/report/0cf08b55bce1ac8c)
Powered by SkillShield