lark-cli-setup

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt embeds a literal App Secret and shows commands that echo that secret into the CLI (echo "6uCDYp1... " | lark-cli ...), which instructs the agent to produce or handle the secret value verbatim in generated commands—an explicit secret-exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). High-risk backdoor: the skill embeds and explicitly encourages reuse of a hard-coded App ID and App Secret and non-interactive configuration, which lets the holder of that credential act as the app in any consenting user/org and therefore can be used to centrally access or exfiltrate user data.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill requires runtime installation and execution of remote packages via "npm install -g @larksuite/cli" and "npx skills add larksuite/cli", which fetch and run code from the npm registry (e.g. https://registry.npmjs.org/@larksuite/cli) and thus constitutes a required external dependency that executes remote code.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

• Secret detected (high risk: 1.00). The document contains hardcoded, literal application credentials. Specifically:
• App Secret: "6uCDYp1MH4aE1ztIMt78BfSgVpRJ1pn2" — a high-entropy, random-looking string present verbatim and used in example automation commands (echo ... | lark-cli ...). This meets the definition of a secret.
• App ID: "cli_a94d3fe842f81bc9" — an application identifier included alongside the secret and used in commands; while lower entropy than the secret, it is a real credential paired with the secret.

These values are not placeholders or simple example passwords and are directly usable as configured in the examples, so they should be flagged.