lark-share
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows security best practices by requiring a preview and explicit user confirmation before sending any data externally via the Lark webhook. Sensitive configuration like the
webhook_tokenis stored locally in the user's home directory (~/.lark-share/config.json) rather than being hardcoded. The external network communication is directed to a well-known service (Lark/ByteDance official API domainopen.larksuite.com). Command execution is limited to internal Python scripts and standard shell commands for configuration management. No obfuscation or malicious persistence mechanisms were detected.
Audit Metadata