Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
my-lark
v3.0.0 Full-capability Feishu (Lark) skill. Built on Feishu's official tool service, it supports every module: messages, groups, cloud docs, cloud drive, wiki, calendar, approvals, Bitable (multi-dimensional tables), spreadsheets, whiteboards, and contacts. For beginners: install and use, with step-by-step operating guidance. For AI: every API has a call example, parameter description, permission requirements, and error handling. Trigger words: send message, search docs, check calendar, check approvals, create event, list groups, etc.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
High confidence
Purpose & Capability
The skill is a Feishu/Lark integration and legitimately needs app/user credentials and the lark-mcp CLI. However, SKILL.md repeatedly states "the skill itself contains no credentials" and instructs users to store credentials in /workspace/.lark_tokens.json, while lark_mcp.py contains hardcoded APP_ID and APP_SECRET values. That contradicts the stated claim and means the skill will perform some actions under the embedded credentials rather than the user's.
Instruction Scope
Instructions reference several different token paths (primary instructions use /workspace/.lark_tokens.json but some reference files under ~/.lark_tokens.json and different file locations for the script). The provided runtime commands point at /workspace/skills/lark-skill/lark_mcp.py while the script header and manifest suggest different paths. The code will read /workspace/.lark_tokens.json for user token use but will ignore it for App Token calls because APP_ID/APP_SECRET are hardcoded.
Install Mechanism
No install spec in the bundle; SKILL.md suggests installing @larksuite/lark-mcp via npm (a normal public package). There is no download-from-arbitrary-URL or archive extraction in the manifest.
Credentials
The skill requests no environment variables, but the code includes hardcoded credentials (APP_ID and APP_SECRET) inside lark_mcp.py. This is disproportionate to the stated promise that the skill contains no credentials and means actions may occur under the author's/maintainer's app identity rather than the user's — a potential for unwanted access or data exposure.
Persistence & Privilege
The skill is not marked always:true and does not request system-wide persistence or modify other skills. It performs network calls to Feishu and runs a local CLI subprocess, which is expected for this functionality.
Scan Findings in Context
[hardcoded-credentials] unexpected: lark_mcp.py defines APP_ID and APP_SECRET constants with values. SKILL.md explicitly states the skill contains no credentials and that credentials should be stored in /workspace/.lark_tokens.json — the hardcoded secrets contradict that claim and are not expected behavior for a user-focused skill.
[credential-path-inconsistency] unexpected: SKILL.md and references use both /workspace/.lark_tokens.json and ~/.lark_tokens.json and reference different script paths. This inconsistent guidance can cause confusion and may hide which credentials are actually used.
What to consider before installing
Do not install or run this skill in a production or sensitive account until the credential issue is resolved. Key points to consider before proceeding:
- The shipped Python code contains a hardcoded App ID and App Secret: that means some API calls will be made under those embedded credentials (likely belonging to the skill author), not under your app. This can give the author/control-plane visibility or control over actions and is a privacy/security risk.
- Ask the maintainer to remove hardcoded credentials and to use only the token file you provide, or replace the values in the code with your own app_id/app_secret before use. Prefer a version that reads credentials only from the documented token file.
- Resolve the path inconsistencies (the docs alternate between /workspace/.lark_tokens.json and ~/.lark_tokens.json and reference differing script locations) so you know exactly which file is used.
- Review or audit the lark-mcp npm package before installing it globally, and consider running the skill in an isolated environment (separate account or sandbox) first.
- If you already used this skill with sensitive tokens, rotate those credentials (app_secret / tokens) to be safe.
