Back to skill

Security audit

Lark Integration

Security checks across malware telemetry and agentic risk

Overview

This Lark-to-OpenClaw bridge matches its stated purpose, but it creates a powerful public chat-to-agent pathway with weakly scoped triggers, webhook hardening gaps, broad local OpenClaw authority, and persistent service guidance that users should review carefully.

Install only if you intend to run a long-lived bridge from Lark into OpenClaw. Before enabling it, restrict it to approved chats or explicit bot mentions, put the webhook behind HTTPS and request verification, avoid running it as root, protect the app secret file, confirm the service script points to the intended bridge file, and understand that chat messages and images may be sent into OpenClaw with broad local operator authority.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The documented group-chat activation rules are broad enough to capture ordinary conversation, causing the bridge to forward unintended group messages to OpenClaw. In this skill’s context, that means user text and possibly referenced images may be sent to another system without a clear per-message consent boundary, increasing privacy and data-handling risk in shared chats.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill describes downloading images from Lark, converting them to base64, and forwarding messages to OpenClaw, but it does not prominently warn users that message content and attachments leave the chat platform and are sent to external services. In an integration skill handling communications data, missing disclosure can lead to unintentional sharing of sensitive business content, documents, or images.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The guide instructs users to place an app secret on disk and expose a webhook on port 3000, but it does not warn about secret handling, file permissions, TLS, source-IP restrictions, or request verification. In an integration skill, this omission can lead to credential disclosure or unauthorized access to the webhook if operators follow the setup literally in an insecure environment.

Known Vulnerable Dependency: ws==8.18.0 — 2 advisory(ies): CVE-2026-45736 (ws: Uninitialized memory disclosure); CVE-2026-48779 (ws: Memory exhaustion DoS from tiny fragments and data chunks)

High
Category
Supply Chain
Confidence
96% confidence
Finding
ws==8.18.0

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/bridge-webhook.mjs:22