Skills
skills/larksuite/cli/lark-whiteboard/Gen Agent Trust Hub

lark-whiteboard

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill generates and runs local JavaScript files (e.g., generate-fishbone.js, generate-flywheel.js) using node. These scripts calculate geometric coordinates for diagram nodes. This represents dynamic execution of generated code.
  • [REMOTE_CODE_EXECUTION]: Uses npx to fetch and execute the @larksuite/whiteboard-cli package. While this is a vendor-owned package, the npx command executes code from an external source at runtime.
  • [EXTERNAL_DOWNLOADS]: Instructions include downloading and installing the @larksuite/whiteboard-cli npm package via npm install -g or npx. This fetches code from the npm registry.
  • [COMMAND_EXECUTION]: Executes lark-cli commands to interact with Lark document APIs, including +fetch for fetching whiteboard tokens and +whiteboard-update for uploading diagram data. This involves authenticated network requests to vendor services.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 28, 2026, 02:44 AM