mcp-lark
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses
npx -y mcporter, which downloads and executes themcporterpackage from the NPM registry to facilitate MCP server communication. - [COMMAND_EXECUTION]: Provides shell commands to list and call tools on remote MCP servers hosted at
open.larksuite.comandopen.feishu.cn, which are official domains for the Lark/FeiShu platforms. - [DATA_EXFILTRATION]: Instructions suggest managing sensitive configuration, such as MCP server URLs containing access tokens, via
.envfiles or system environment variables for legitimate authentication purposes.
Audit Metadata