ClawHub

Lark Work Report

v0.1.0

Use this skill when the user wants to report task results to Feishu/Lark after completion, with a preflight check that the reporting channel is available.

0· 238·0 current·0 all-time
by@xukp20
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the instructions: the SKILL.md only describes finding/creating a work group and sending concise reports via the Lark MCP APIs, which is exactly what a Lark reporting skill would need.
Instruction Scope
Instructions are narrowly scoped to discovering/creating a reporting chat and sending a test + final report. It explicitly requires user confirmation before sending and documents non-goals (no polling, no monitoring). Note: the runtime will ask for user identity details (name/mobile/email/open_id) when it must resolve or create group membership — this is expected but is personal data the user should approve providing.
Install Mechanism
No install spec and no code files — instruction-only skill. Lower risk because nothing is written to disk. The package references an MCP dependency in agents/openai.yaml (lark-mcp), which is expected for MCP-based integrations.
Credentials
The skill declares no required env vars or credentials. It relies on the platform's MCP tool (lark-mcp) to provide authenticated access to Feishu/Lark APIs; that is proportionate to the stated purpose. Users should verify that the MCP/tool has only the permissions they expect (send messages, create chats, lookup users).
Persistence & Privilege
always is false and the skill does not request persistent system-level presence or modify other skill configs. Autonomous invocation is allowed (platform default) but the skill's instructions emphasize explicit user confirmation before switching or creating groups.
Assessment
This is an instruction-only Lark/Feishu reporting helper and appears coherent. Before enabling: (1) confirm your agent's lark-mcp integration has only the permissions you want (message send, chat create, user lookup) and review any audit logs for actions; (2) be prepared to provide identity details (email/mobile/open_id) when asked — these are required only to resolve or invite the user and are not stored by the skill itself; (3) note that the skill can be invoked autonomously by the agent (platform default) but the SKILL.md requires user confirmation before creating or switching groups — if you want to be extra safe, restrict autonomous invocation or require explicit user prompts in your agent settings; (4) the package has no external install or code, so risk is limited to what the MCP integration can do.

Like a lobster shell, security has layers — review code before you run it.

latestvk978b01w66a1gaywm0rhh9k7hh82j217

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments