lark-calendar

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No security issues were detected. The skill performs its stated function of processing business and calendar data using a dedicated API client.
  • Secure Credential Management: The skill uses environment variables (AISKILLS_API_KEY) for authentication rather than hardcoding secrets, which is a recommended security practice.
  • Restricted Communication: The included Python runner (scripts/run.py) communicates exclusively with the vendor's official domain (ai-skills.ai).
  • Input Validation Surface: Input parameters are defined in a schema (references/form-schema.json), which includes specific file type constraints (.xlsx, .xls, .csv, .tsv) for uploads.
  • Transparent Functionality: The script logic is straightforward, focusing on HTTP requests and polling for asynchronous results without the use of dangerous functions like eval() or unauthorized subprocess execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 07:58 AM
Security Audit — agent-trust-hub — lark-calendar