Lark Toolkit

Prerequisites & Security

This skill is a documentation-only reference guide. It contains no executable code that accesses credentials automatically.

Required credentials (user-provided, never bundled):

• Lark App ID (app_id) — from Lark Developer Console
• Lark App Secret (app_secret) — from the same console

How credentials are used:

• All API examples in SKILL.md use placeholders (<APP_ID>, <APP_SECRET>, CHAT_ID, etc.) — no real secrets
• The scripts/get_token.sh helper obtains a temporary tenant_access_token from Lark's auth API. It reads credentials from (in order):
  1. Command-line arguments
  2. LARK_APP_ID / LARK_APP_SECRET environment variables
  3. ~/.openclaw/openclaw.json (standard OpenClaw config, path channels.lark.accounts.default.appId/appSecret)
• The script prints the config source to stderr when falling back to the config file
• No credentials are hardcoded, cached to disk, logged, or transmitted beyond the single Lark auth API call
• The token is exported as LARK_TOKEN env var for subsequent commands in the same shell session