handoff

The handoff skill is feature-rich and coherently targets session handoff between Claude Code and Lark/OpenCode, including session lifecycle, permission bridging, and admin controls. However, it exhibits notable security and supply-chain risks: dependency on runtime plugin/assets, explicit sandbox bypass for network calls, broad destructive capabilities with user confirmations, and credential exposure through local config and multiple scripts. The overall posture leans toward SUSPICIOUS to HIGH risk due to the expanded trust surface, potential data exfiltration paths, and governance gaps. Recommended mitigations: enforce sandboxing for all network activity, minimize or harden credential exposure (prefer ephemeral tokens, scoped keys, or vault-backed access), restrict destructive actions with auditable approvals, implement explicit access controls and logging, and reduce transitive plugin risk by pinning trusted sources and performing integrity checks on assets. Consider a hardened, read-only or restricted-execution mode for non-admin workflows and introduce audit trails for admin commands.