GeeLark Complete
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a coherent GeeLark automation runbook, but it needs review because it can use local credentials, run unreviewed helper scripts, drive API and UI automation, and write account/profile details to persistent memory.
Review the referenced helper scripts before running the skill, use a least-privilege GeeLark token, confirm the exact workspace/profile/endpoints before any write or UI action, and prevent tokens, session IDs, or private profile mappings from being saved into persistent memory.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
66/66 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mis-scoped instruction or mistaken automation step could change GeeLark/profile/account state through API or UI actions.
The skill directs the agent to probe/request API endpoints, proceed toward write calls, and switch to UI automation when blocked. Although it includes verification and some limits, the allowed endpoints, profiles, and non-posting mutations are not tightly scoped.
Endpoint footprint (`probe`, `request`) - read-only initial tests before write calls ... 4. On an API blocker, switch to the UI fallback.
Require explicit user approval before any write, upload, profile, sync, or posting-related action; define allowed endpoints and target profiles; prefer dry-runs and reversible actions.
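As an added illustration (not code from the skill or from GeeLark), the scoping recommended above can be enforced by a small gate that every agent-issued call must pass through: one allowlisted host, an explicit list of read and write paths, a profile allowlist, user approval for any mutation, and dry-run by default. The host, endpoint paths, and profile IDs below are assumptions chosen for the example, not the GeeLark API:

```python
from dataclasses import dataclass, field
from typing import Callable, Optional
from urllib.parse import urlparse

# Hypothetical endpoint paths, used only to show scoping. They are not GeeLark's real API.
READ_ENDPOINTS = {"/open/v1/profile/list", "/open/v1/phone/list"}
WRITE_ENDPOINTS = {"/open/v1/profile/update", "/open/v1/profile/sync"}
MUTATING_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


@dataclass
class RequestGate:
    """Decides whether an agent-issued API call may proceed.

    Every decision is appended to `audit`, refusals included, so a reviewer
    can see what the agent attempted and not only what it was allowed to do.
    """
    api_host: str                       # the single host the skill may talk to
    allowed_profiles: set[str]          # profile IDs the user scoped this run to
    approve: Callable[[str], bool]      # asks the user; returns True on approval
    dry_run: bool = True                # writes are recorded, not sent, until disabled
    audit: list[dict] = field(default_factory=list)

    def decide(self, method: str, url: str, profile_id: Optional[str] = None) -> str:
        method = method.upper()
        parsed = urlparse(url)
        outcome = self._evaluate(method, parsed.hostname, parsed.path, profile_id)
        self.audit.append({"method": method, "path": parsed.path,
                           "profile": profile_id, "outcome": outcome})
        return outcome

    def _evaluate(self, method: str, host: Optional[str], path: str,
                  profile_id: Optional[str]) -> str:
        if host != self.api_host:
            return "blocked: host not allowlisted"
        if method == "GET" and path in READ_ENDPOINTS:
            return "allowed"                     # read-only probe, no state change
        if method in MUTATING_METHODS and path in WRITE_ENDPOINTS:
            if profile_id not in self.allowed_profiles:
                return "blocked: profile outside scope"
            if not self.approve(f"{method} {path} on profile {profile_id}"):
                return "blocked: user declined"
            return "dry-run" if self.dry_run else "allowed"
        # Anything else, including a "probe" of an unknown path, is refused
        # rather than silently escalated to a UI fallback.
        return "blocked: endpoint not allowlisted"
```

The gate returns a decision string instead of performing the call so the same object can sit in front of the skill's `probe`, `request`, and UI-fallback steps; the caller only proceeds on "allowed", and a "dry-run" result is the signal to show the user what would have been sent.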
Installing the skill could lead the agent to execute local helper code whose provenance and safety were not reviewed in this artifact set.
Core operations depend on helper scripts that are not included or pinned in the reviewed skill package, so their behavior cannot be assessed here while they would run with local API/sync authority.
SKILL.md references `scripts/geelark/local_client.py` and `scripts/geelark/sync_client.mjs`; the file manifest lists only `SKILL.md`.
Inspect and pin the helper scripts before use, include them in the reviewed package or document their trusted source, and avoid running them with production credentials until verified.
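An added example, not part of the reviewed skill, of how the two helper scripts could be pinned once they have been reviewed: record the SHA-256 of each reviewed copy and refuse to run if a file is missing, its digest has changed, or the pin table is empty. The digest placeholders and the stand-in script bodies in `demo()` are constructed for the example:

```python
import hashlib
import tempfile
from pathlib import Path
from typing import Union

# Pinned digests for the helpers SKILL.md references. The values are placeholders:
# record the real SHA-256 of each reviewed copy and commit this table with the skill.
PINNED = {
    "scripts/geelark/local_client.py": "<sha256 of reviewed copy>",
    "scripts/geelark/sync_client.mjs": "<sha256 of reviewed copy>",
}


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_helpers(root: Union[str, Path], pinned: dict[str, str]) -> dict[str, str]:
    """Return {relative_path: 'ok' | 'missing' | 'modified'} for every pinned helper."""
    root = Path(root)
    result = {}
    for rel, expected in pinned.items():
        p = root / rel
        if not p.is_file():
            result[rel] = "missing"
        elif sha256_file(p) != expected:
            result[rel] = "modified"
        else:
            result[rel] = "ok"
    return result


def helpers_trusted(root: Union[str, Path], pinned: dict[str, str]) -> bool:
    """True only when every pinned helper is present and unchanged.

    An empty pin table is treated as untrusted: with nothing pinned there is
    nothing the check could have verified.
    """
    if not pinned:
        return False
    return all(status == "ok" for status in verify_helpers(root, pinned).values())


def demo() -> tuple:
    """Constructed fixture: pin two stand-in helper scripts, then tamper with one."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        stand_ins = {
            "scripts/geelark/local_client.py": "print('constructed stand-in')\n",
            "scripts/geelark/sync_client.mjs": "console.log('constructed stand-in');\n",
        }
        for rel, body in stand_ins.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_text(body)
        pinned = {rel: sha256_file(root / rel) for rel in PINNED}   # "review" step
        before = verify_helpers(root, pinned)
        (root / "scripts/geelark/local_client.py").write_text("print('tampered')\n")
        after = verify_helpers(root, pinned)
        return before, after, helpers_trusted(root, pinned)
```

Run `helpers_trusted(skill_root, PINNED)` before the skill invokes either helper; a `False` result should stop the run rather than fall back to the unverified copy.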
Actions may be performed with the user's GeeLark authority, so mistakes could affect real profiles, assets, or workspace data.
The skill expects a GeeLark bearer token and signed native-app authentication. This is purpose-aligned for GeeLark automation, but it grants delegated account/workspace authority and is not declared in registry credential metadata.
`GEELARK_API_KEY=<bearer token>` ... Signed requests with `app-id` + `app-auth`
Use least-privilege tokens, keep the `.env` file private, verify the target workspace/profile before actions, and rotate credentials if helper script behavior is uncertain.
Profile identifiers, proxy/phone mappings, session details, or troubleshooting outputs could be stored and reused in later tasks beyond the user's immediate intent.
The skill instructs the agent to persist operational details and every reproducible finding, but it does not define what must be redacted, how long data is retained, or when the user must approve saving it.
Record the `phone_id` mapping from Dashboard/Baserow ... Store every reproducible finding in memory/skill docs
Ask before saving operational details, redact tokens/session IDs/private identifiers, scope memory to the current project, and add retention or cleanup guidance.
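An added example (not the skill's own code) of a persistence wrapper that applies the recommendation above: redact tokens, session IDs, and private identifiers, show the user the redacted note before it is saved, scope entries to one project, and purge them after a retention window. The regular expressions are assumptions about how such values appear in GeeLark troubleshooting output, and the sample note in the usage below is constructed:

```python
import re
import time
from typing import Callable, Optional

# Assumed patterns for values a GeeLark troubleshooting note might contain.
# Each (pattern, replacement) pair keeps the key name and drops the value.
SECRET_PATTERNS = [
    (re.compile(r"(GEELARK_API_KEY\s*=\s*)\S+"), r"\1[REDACTED_TOKEN]"),
    (re.compile(r"(Authorization:\s*Bearer\s+)\S+", re.I), r"\1[REDACTED_TOKEN]"),
    (re.compile(r"\b(app-auth|app-id)\s*[:=]\s*\S+"), r"\1=[REDACTED]"),
    (re.compile(r"\b(session[_-]?id)\s*[:=]\s*\S+", re.I), r"\1=[REDACTED_SESSION]"),
    (re.compile(r"\b(phone_id|profile_id)\s*[:=]\s*\S+"), r"\1=[REDACTED_ID]"),
]


def redact(text: str) -> str:
    """Strip secrets and private identifiers before anything is persisted."""
    for pattern, replacement in SECRET_PATTERNS:
        text = pattern.sub(replacement, text)
    return text


class ProjectMemory:
    """Persistent memory scoped to one project, with approval and retention."""

    def __init__(self, project: str, approve: Callable[[str], bool]):
        self.project = project
        self.approve = approve          # shows the user the redacted note; True to save
        self.entries: list[dict] = []

    def remember(self, note: str, now: Optional[float] = None) -> bool:
        """Redact, ask, then store. Returns False when the user declines."""
        clean = redact(note)
        if not self.approve(clean):
            return False
        self.entries.append({
            "project": self.project,
            "note": clean,
            "created": time.time() if now is None else now,
        })
        return True

    def purge(self, now: float, max_age_seconds: float) -> int:
        """Drop entries older than the retention window; return how many were removed."""
        keep = [e for e in self.entries if now - e["created"] <= max_age_seconds]
        removed = len(self.entries) - len(keep)
        self.entries = keep
        return removed


# Constructed sample: the kind of line the skill would ask the agent to "store".
SAMPLE_NOTE = (
    "GEELARK_API_KEY=abc123 Authorization: Bearer xyz.tok "
    "session_id=9f8e phone_id=ph-42 proxy=us-east retry worked after 2s"
)
```

Redaction runs before the approval prompt so the user reviews exactly what would be written; the `now` parameter exists so retention can be tested deterministically and so a scheduler can call `purge` with its own clock.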
