larc-onboarding
Fail
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the agent to execute code directly from the internet using the piped command
curl -fsSL https://raw.githubusercontent.com/ShunsukeHayashi/lark-agent-runtime/main/scripts/install.sh | bash. - [EXTERNAL_DOWNLOADS]: The skill downloads external resources and installation scripts from the
ShunsukeHayashiGitHub repository. - [COMMAND_EXECUTION]: The skill performs global system-level changes, including the installation of the
@larksuite/cliNode.js package and the execution of a local shell scriptscripts/install-openclaw-larc-runtime-skill.shprovided with the skill.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/ShunsukeHayashi/lark-agent-runtime/main/scripts/install.sh - DO NOT USE without thorough review
Audit Metadata