Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (预约会议室) matches the code: scripts call lark-cli to list rooms, check availability, and create calendar events. The skill edits local conf/meeting.json and meeting_room_blacklist.json as described. One minor mismatch: registry metadata lists no required binaries while SKILL.md and the code require the 'lark-cli' binary and a Python runtime with dependencies (e.g., loguru).
Instruction Scope
SKILL.md instructs running the included scripts, performing initialization, and editing the blacklist JSON. The runtime instructions and the scripts align: they read/write only the repo's conf/ files and invoke lark-cli. The code does not attempt to read unrelated system files or send data to endpoints other than via lark-cli. It will invoke lark-cli as bot and user (so actions are performed under those identities).
Install Mechanism
There is no install spec. The skill includes Python scripts but does not declare Python dependencies (loguru) or mention installing them. The SKILL.md notes dependency on an already-configured 'lark-cli' but the registry metadata doesn't list it as a required binary. This missing install/dependency information is an engineering gap (not an obvious malicious signal) and may cause runtime failures or confusion.
Credentials
The skill does not request environment variables or unrelated credentials. It relies on local lark-cli authentication (the user's configured bot/user tokens/accounts) which is proportionate to the stated purpose. Note: the skill will run lark-cli with '--as bot' and '--as user', so it will act with whatever privileges those local credentials confer — users should ensure those accounts are appropriately scoped.
Persistence & Privilege
always is false and the skill edits only its own repository conf/ files (meeting.json and meeting_room_blacklist.json). It suggests a sudo chown example only as a permission hint; it does not modify other skills or global agent settings. No elevated persistent system presence is requested.
Assessment
This skill appears to do what it says: it calls the local 'lark-cli' to list rooms, check availability, and create calendar events, and it edits conf/meeting.json and conf/meeting_room_blacklist.json. Before installing/running: 1) Ensure you have lark-cli installed from a trusted source and are logged in; the skill will act with the bot/user identities configured in your lark-cli. 2) Install required Python dependencies (the code uses loguru and other stdlib modules) or run the scripts in a controlled environment. 3) Be aware the skill will write to the repo's conf/ directory (it may suggest changing ownership if permission is lacking). 4) If you need more assurance, ask the author to add an install spec that lists required binaries and Python packages and to include a README on the exact lark-cli scopes needed. 5) Do not grant more privileged bot/user tokens to lark-cli than necessary for meeting/calendar operations.Like a lobster shell, security has layers — review code before you run it.
latestvk97ed6atx4fwz1fy1ctem1j6nh849m7h
License
MIT-0
Free to use, modify, and redistribute. No attribution required.