ClawHub

Lark

v2.0.1

Deep Lark integration skill. A Digital Command Center powered by a Coordination Diagnosis Engine. It balances speed and tact across chat, approvals, meetings...

1· 549·1 current·1 all-time
by@agisearch
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name and description claim deep Lark integration and coordination features; the skill only requests LARK_APP_ID and LARK_APP_SECRET (expected for a Lark connector) and does not ask for unrelated credentials or binaries. Minor metadata inconsistency: registry summary listed no homepage while skill.json contains a GitHub URL — likely a packaging/metadata mismatch but not functionally problematic.
Instruction Scope
All runtime instructions in SKILL.md describe reading and analyzing Lark content (chat, approvals, meetings, docs, sheets, calendar, inbox) and default to a read-only 'Counselor Mode' unless the user explicitly authorizes write actions. The instructions do not direct the agent to read unrelated system files, other environment variables, or external endpoints beyond the implied Lark API. The skill relies on the host platform's Lark connector to access collaboration data.
Install Mechanism
No install spec and no code files are included (instruction-only). This minimizes the risk of arbitrary code being written to disk or executed by the skill itself. There is no download/installation behavior to inspect.
Credentials
The skill requires only LARK_APP_ID and LARK_APP_SECRET and designates LARK_APP_ID as primary — appropriate for a Lark integration. There are no unrelated secrets requested. Users should be aware that the actual scope of those credentials (read vs read/write) depends on how the Lark app is provisioned; the SKILL.md assumes the connector can read chat, docs, approvals, calendars, etc.
Persistence & Privilege
always is false and the skill is not marked as always-present. The skill does not include install-time behavior that modifies other skills or system settings. The skill allows autonomous invocation (platform default), which combined with Lark credentials could enable actions — but the SKILL.md enforces default Counselor Mode and explicit confirmation for write actions and defines red lines for sensitive operations.
Assessment
This skill appears internally consistent with a Lark command-center integration, but before installing: (1) Verify the Lark app owner and the GitHub homepage in skill.json to confirm source trustworthiness. (2) Provision the Lark credentials with least privilege — start with read-only scopes if possible, and only expand to write scopes for a test account once you trust behavior. (3) Understand that granting LARK_APP_ID/SECRET gives the skill access to your Lark data via the platform connector; confirm which scopes are granted and rotate keys if you revoke access. (4) Rely on the handshake: the skill defaults to read-only Counselor Mode and requires explicit confirmation for writes and the listed red-line actions — exercise caution when switching to Executive Mode and require a second confirmation for high-sensitivity operations. (5) Consider trying the skill first in a limited/test workspace or with a service account to validate behavior before using it on production data.

Like a lobster shell, security has layers — review code before you run it.

collaborationvk971kywxh8caa6kfgmsykjjrrn82jtkeenterprisevk971kywxh8caa6kfgmsykjjrrn82jtkefeishuvk971kywxh8caa6kfgmsykjjrrn82jtkelarkvk971kywxh8caa6kfgmsykjjrrn82jtkelatestvk9740ad1jx8kchy3bfsrxkrykd82qychproductivityvk971kywxh8caa6kfgmsykjjrrn82jtke

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvLARK_APP_ID, LARK_APP_SECRET
Primary envLARK_APP_ID

Comments