lark-openapi-explorer

SUSPICIOUS: the stated purpose is coherent and the doc/data flow targets official Feishu/Lark domains, but the skill’s required `lark-cli` binary is not verified as an official publisher-controlled tool in the provided evidence. Because that binary likely handles authenticated API calls, the main risk is supply-chain plus credential forwarding rather than obvious malware.