Lark Bot

Pass. Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: xiaoman-lark-bot
Version: 1.0.1

The skill bundle provides a legitimate integration for Lark/Feishu bots, covering message delivery, Bitable task management, and Wiki operations. The implementation uses standard Python libraries (urllib.request) to interact exclusively with official Lark API endpoints (open.larksuite.com) and follows security best practices by retrieving sensitive credentials from environment variables. No evidence of data exfiltration, malicious execution, or prompt injection was found across the scripts or documentation.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the token is exposed, someone who sees it may be able to call Lark APIs with the bot app's permissions until the token expires or is revoked.

Why it was flagged

The documentation example retrieves a Lark tenant access token and prints it. That token can carry the Lark app's workspace permissions, so displaying it can leak credential material into logs or the agent transcript.

Skill content
token = get_tenant_access_token()
print(f"Token: {token}")
Recommendation

Do not print or paste access tokens. Remove this example output, redact tokens in logs, and rotate the Lark app secret if a token has been exposed.

What this means

An agent using this skill can add or change task records in the configured Lark Bitable table.

Why it was flagged

The Bitable helper can create and update workspace records. This is consistent with the advertised task-management purpose, but it is still mutation authority in a third-party workspace.

Skill content
return api("POST", "/records", {"fields": fields})
...
return api("PUT", f"/records/{record_id}", {"fields": {"状态": status}})
Recommendation

Use a Lark app with only the permissions and table access needed, and have the agent confirm before creating or changing workspace records.

What this means

If the server is started without the secret or is exposed on a network, non-Lark callers can spoof webhook events and inject message content into the bot's processing/logs.

Why it was flagged

The webhook server listens on all network interfaces and accepts requests without signature verification if LARK_APP_SECRET is not set. Although the secret is declared as required, the runtime behavior fails open.

Skill content
if not APP_SECRET:
    return True  # skip verification when no secret is configured
...
server = HTTPServer(('', PORT), Handler)
Recommendation

Fail closed when LARK_APP_SECRET is missing, bind to localhost unless a public webhook endpoint is intentionally needed, and require verified Lark signatures before processing events.