lark-vc
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill facilitates integration with Lark's Video Conferencing (VC) services. It uses the
lark-clitool to interact with official Lark APIs (e.g.,/open-apis/vc/v1/meetings/search). - [COMMAND_EXECUTION]: The skill uses
lark-clifor various operations, which is the intended mechanism for this vendor-provided tool. The commands are structured and restricted to the defined resources (vc,drive,docs). - [EXTERNAL_DOWNLOADS]: The skill downloads meeting transcriptions and AI artifacts directly from Lark's infrastructure to a local output directory. These are part of the primary functionality (retrieving meeting records) and are directed to the user's local environment.
- [DATA_EXFILTRATION]: While the skill reads sensitive meeting data (notes, transcripts, summaries), it does so within the authenticated context of the Lark CLI. There are no patterns suggesting the exfiltration of this data to unauthorized third-party domains. All documented endpoints belong to the
larksuiteecosystem. - [CREDENTIALS_UNSAFE]: No hardcoded credentials were found. The skill explicitly delegates authentication to a shared module (
lark-shared/SKILL.md) and requires the user to runlark-cli auth login.
Audit Metadata