lark-contact

SUSPICIOUS. The stated purpose is coherent with querying contact and org-directory data, and there is no direct sign of exfiltration or unrelated capability in this fragment. However, the skill depends on an external `lark-cli` binary whose provenance, install source, and credential handling are not shown here, and critical auth behavior is deferred to another file not provided. That missing trust and data-flow context keeps the risk above benign, but there is not enough evidence in this fragment alone to call it malicious.