Lark Toolkit
Pass. Audited by ClawScan on May 10, 2026.
Overview
The skill is an openly documented Lark/Feishu API toolkit, but it can use your Lark app credentials to perform broad workspace read/write actions if you run its examples or helper.
Before installing, make sure you want an agent to have Lark/Feishu API guidance. Use a dedicated low-privilege Lark app, grant only the permissions needed for the task, protect app secrets and tenant tokens, and require explicit confirmation for any action that sends messages, changes members, edits docs/tasks/calendar data, or shares content.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone running the helper or API examples with real credentials may give the agent access to Lark workspace data and actions allowed by that app.
The skill needs Lark app credentials and can read them from the OpenClaw config; this is expected for a Lark API toolkit but gives tenant-level access according to the app's granted permissions.
Required credentials ... Lark App ID ... Lark App Secret ... reads credentials from ... LARK_APP_ID / LARK_APP_SECRET ... ~/.openclaw/openclaw.json
Use a dedicated Lark app with least-privilege permissions, keep app secrets and tokens out of chat/logs, and rotate credentials if exposed.
If used carelessly, the agent could send messages, read chat history, alter groups, create/update tasks or calendar events, or change document permissions.
The documented scope includes broad read/write operations through MCP tools and direct curl APIs; this is purpose-aligned but can affect business data.
Covers all Lark operations ... managing groups or members ... creating calendar events ... docs/bitable/wiki/OKR/tasks ... any Lark Open API operation
Ask the agent to confirm before any write, share, delete, member-management, or bulk operation, and prefer read-only permissions when possible.
Running or sourcing the helper will send the app ID and secret to Lark's auth endpoint and print/export the resulting token in the shell session.
The included shell helper reads local configuration and makes a Lark auth API request; this is disclosed and user-directed, not automatic.
CONFIG="${OPENCLAW_CONFIG:-$HOME/.openclaw/openclaw.json}" ... RESPONSE=$(curl -s https://open.larksuite.com/open-apis/auth/v3/tenant_access_token/internal
Inspect the script before use, run it only in a trusted shell, and avoid exposing the printed tenant token.
A poorly secured webhook could receive spoofed or unintended messages and route them into the agent workflow.
The webhook setup can expose a public event receiver that routes Lark messages to the agent; origin verification depends on correct configuration.
Webhook ... Requires public URL (tunnel or cloud server) ... Token verification — Check header.token matches verificationToken (if configured)
Use HTTPS, configure the Lark verification token and encryption key where available, restrict tunnel exposure, and keep requireMention or equivalent access controls enabled.
