lark-router

SUSPICIOUS. The skill’s purpose and documented behavior are coherent for Lark auth routing, and `lark-cli` appears to be an official same-org tool. The main issue is that the skill depends on `larc`, whose ownership and release provenance were not verified; under the required scoring rules, a required unverifiable CLI makes the skill high security risk even without direct evidence of exfiltration.