lark-wiki

Warn

Audited by Socket on Apr 13, 2026

1 alert found:

Anomaly

AnomalySKILL.md

LOW

AnomalyLOW

SKILL.md

该技能的业务目的与声明能力基本一致，但它把核心 API 调用与认证处理委托给一个可公开查看却非官方同组织的 `lark-cli`。未见明确恶意外传或越权行为，因此更像可疑/中风险技能：主要问题是供应链信任与凭证经第三方 CLI 转发。

Confidence: 82%Severity: 58%

Audit Metadata

Analyzed At

Apr 13, 2026, 09:52 AM

Package URL

pkg:socket/skills-sh/liangdabiao%2Flark-workflow-feishu-cli%2Flark-wiki%2F@44ebbf2a461c04561874c236d39d9ecd0b23bb7f