skills/yjwong/lark-cli/sheets/Socket

sheets

Warn

Audited by Socket on Mar 30, 2026

1 alert found:

Security

SecuritySKILL.md

MEDIUM

SecurityMEDIUM

SKILL.md

SUSPICIOUS: The skill’s stated purpose and requested permissions are coherent for reading Lark spreadsheets, and data flow appears aimed at official Lark services. However, the core dependency is an unverifiable bundled binary (`tools/bin/lark`) with no source or integrity evidence in the skill, which materially elevates supply-chain risk even without signs of overt malware.

Confidence: 88%Severity: 78%

Audit Metadata

Analyzed At

Mar 30, 2026, 03:21 AM

Package URL

pkg:socket/skills-sh/yjwong%2Flark-cli%2Fsheets%2F@300d1eef78126a873f4bc8afda0dd156abeb4363