Trust Assessment
feishu-interactive-cards received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 3 critical, 0 high, 1 medium, and 2 low severity. Key findings include Network egress to untrusted endpoints, Node lockfile missing, Unpinned npm dependency version.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (6)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints: Axios POST/PUT to URL. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/leecyang/feishu-interactive-cards/scripts/send-card.js:31 |
| CRITICAL | Network egress to untrusted endpoints: Axios POST/PUT to URL. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/leecyang/feishu-interactive-cards/scripts/send-card.js:41 |
| CRITICAL | Command Injection via Unsanitized Chat ID in Skill Usage Example: The `SKILL.md` documentation provides an example of how an agent should invoke the `send-card.js` script using an `exec` command. In this example, the `chatId` variable is directly interpolated into the shell command string without proper sanitization or escaping. If a malicious user can control the `chatId` value (e.g., by providing a chat ID containing shell metacharacters like `;`, `&`, `|`, `$(`, etc.), they could inject arbitrary shell commands to be executed on the host system. Although the `send-card.js` script itself parses its arguments safely, the method of invocation demonstrated in the documentation creates a critical vulnerability. The `chatId` variable must be properly sanitized or escaped before being interpolated into a shell command string. A safer approach is to use an `exec` function that accepts an array of arguments, preventing shell interpretation of individual arguments. For example, `exec({ command: 'node', args: ['...', '--chat-id', chatId] })`. Alternatively, expose a direct JavaScript API for sending cards that agents can call, avoiding shell execution entirely. | LLM | SKILL.md:64 |
| MEDIUM | Unpinned npm dependency version: Dependency 'axios' is not pinned to an exact version ('^1.13.4'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/leecyang/feishu-interactive-cards/scripts/package.json |
| LOW | Node lockfile missing: package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/leecyang/feishu-interactive-cards/package.json |
| LOW | Node lockfile missing: package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/leecyang/feishu-interactive-cards/scripts/package.json |