Security audit
Lark CLI Dev Hub
Security checks across malware telemetry and agentic risk
Overview
This is a transparent workflow skill for using Feishu/Lark as a development knowledge hub, with no hidden executable code or artifact-backed malicious behavior found.
Install this only if you want your agent to read and write development records in your configured Feishu/Lark workspace. Review the hook mode before enabling enforcement, and keep the documented boundary against recording secrets or full environment files.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
VirusTotal findings are pending for this skill version.
Static analysis
No suspicious patterns detected.
