Plugin v1.0.3

ClawScan security

Lark Workflow · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 8, 2026, 4:14 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The bundle is an instruction-only collection of Lark/Feishu CLI workflow SKILL.md files that are coherent with their stated purpose; no unexpected credentials, installers, or hidden endpoints were found, though there are a few minor metadata/instruction notes to review before installing.
Guidance
This bundle appears to be what it claims: a set of Lark/Feishu CLI workflow definitions expressed as SKILL.md files. Before installing or running any recommended npx/npm commands:
1) verify the upstream repository/package (the package.json points to https://github.com/woodfantasy/lark-workflow) and review the source there;
2) avoid running broad "--recommend" auth unless you trust the environment—grant only the per-skill scopes you need;
3) be aware that the README suggests using npx to install packages, which will execute code downloaded from the network—inspect that code before running if possible;
4) rely on the documented user-confirmation gates for write operations, and do not skip those; and
5) note the registry metadata mismatch about required binaries (registry lists none while the bundle expects lark-cli) — the practical requirement is lark-cli, which is appropriate for these workflows.

Review Dimensions

Purpose & Capability
note: The skills explicitly orchestrate lark-cli commands across many Lark domains — requiring lark-cli is appropriate. However, registry-level metadata at the top of the package reported "required binaries: none" while the project files (openclaw.bundle.json and each SKILL.md) declare metadata.requires.bins: ["lark-cli"]. This is an internal metadata inconsistency but not a functional mismatch with the skill's purpose.
Instruction Scope
ok: Each SKILL.md contains detailed, domain-specific step-by-step instructions that stay within the stated scope: running lark-cli commands, consulting lark-shared reference docs, using system date, and requiring user confirmation before writes. The skills reference only Lark/Feishu APIs via lark-cli; they do not instruct reading unrelated system files or sending data to unknown external endpoints.
Install Mechanism
note: The registry lists no install spec (instruction-only), which minimizes platform-side install risk. README recommends user-run installs via npm/npx (e.g., npm install -g @larksuite/cli; npx skills add woodfantasy/lark-workflow). Those user-run commands can fetch and run code from npm/GitHub, so users should verify the upstream package/repository before running them. The bundle itself contains only Markdown and docs (no executable scripts in the provided files).
Credentials
ok: The skills request no environment variables or secrets from the platform. They rely on lark-cli's OAuth flow (lark-cli auth login --domain ...) and documented OAuth scopes for each workflow, which is proportional to their cross-domain automation purpose. The SKILL.md also documents least-privilege alternatives and per-skill scope lists.
Persistence & Privilege
ok: The bundle does not request permanent platform presence (always:false) and is instruction-only. It does not modify other skills' configuration or request elevated system privileges. Write operations to Lark are gated by explicit user confirmation in the documentation.