openclaw-lark-integration

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the @larksuite/openclaw-lark and openclaw packages from the official npm registry. These are expected dependencies for the described functionality.
  • [COMMAND_EXECUTION]: The documentation includes standard CLI commands for starting and operating the OpenClaw service.
  • [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection by handling untrusted data from external sources.
      • Ingestion points: Reads content from Lark messages, documents, and Base records (SKILL.md).
      • Boundary markers: Absent. No delimiters or warnings are provided to help the agent distinguish between instructions and data.
      • Capability inventory: The skill is capable of performing write operations such as sending messages, creating documents, and managing database records (SKILL.md).
      • Sanitization: Absent. The skill relies on the AI's internal guardrails and user-configured policies.
  • [SAFE]: No malicious intent, obfuscation, or data exfiltration patterns were identified. The skill correctly implements security policies like group whitelisting and uses environment variables for credential management.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 17, 2026, 10:56 AM