lark-hirono-sync

Fail

Audited by Snyk on May 5, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.80). The skill shows and requires passing wiki node tokens/URLs (including bare tokens) directly on the command line and in example commands, so an agent would need to accept and emit secret-like tokens verbatim into generated commands or code, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests user-generated Feishu wiki content (source URLs shown in "Usage" and examples) via the docx block API and downloads images via Playwright from Feishu's internal CDN (see "How It Works" → "Block-Level Copy" and "Image Transfer" in SKILL.md), and that ingested content is parsed and used to drive API calls and sync actions, so untrusted third-party content can materially influence the agent's behavior.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). I scanned the full prompt for high-entropy literal values that could be used to access services.

Flagged items:

  • RK4aw2SgriDqDNkB6NLcXhZhnFf (appears twice: once in a full URL and once as a bare token in the dry-run example)
  • A770wxopAij0FPktwApceRuPnSe (appears twice: once in a full URL and once as a bare token in the dry-run example)

These are long, random-looking alphanumeric tokens embedded in Feishu wiki URLs or shown as bare node tokens. They meet the definition of high-entropy literal values that can be used to access a wiki node and therefore should be treated as secrets.

Ignored/not flagged:

  • The placeholder path {token} in the internal API URL was ignored (documentation placeholder).
  • Generic placeholders and example flags elsewhere (e.g., <source-url>, <SAME_SOURCE>, YOUR_API_KEY, --from <url>) were ignored per the rules.
  • Other short or simple tokens (e.g., browser-state.json) are config paths, not secrets; the string openclaw does not appear in the skill.

Recommendation: remove or redact the concrete node tokens in examples (replace with placeholders like <SOURCE_TOKEN> / <TARGET_TOKEN>) or confirm they are intentionally public test tokens before keeping them.
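The scan rule the analysis describes (long, high-entropy literals are flagged; bracketed or ALL_CAPS placeholders and short config words are ignored) together with the redaction the recommendation asks for, as an added Python example. This is not Snyk's scanner and not code from the audited skill: the length and entropy thresholds, the placeholder rules, the example.feishu.cn host and the surrounding sample text are assumptions; the two node tokens are the ones listed above. Whether a flagged node token really grants access, or is a public test identifier, is the confirmation step the recommendation leaves to the author.

```python
"""Entropy-based literal-secret scan with placeholder exclusion, plus redaction.

Added example: a minimal reimplementation of the W008 heuristic described in the
audit, not Snyk's scanner. Thresholds and placeholder rules are assumptions.
"""
import math
import re
from collections import Counter

# Candidate literals: runs of URL-safe token characters long enough to be a credential
# (length cutoff is an assumption; both flagged node tokens are 27 characters).
CANDIDATE_RE = re.compile(r"[A-Za-z0-9_-]{20,}")
# Documentation placeholders written as ALL_CAPS names, e.g. YOUR_API_KEY, SAME_SOURCE.
ALLCAPS_RE = re.compile(r"^[A-Z][A-Z0-9_-]*$")

# Constructed sample mimicking the SKILL.md passages the audit describes. The two node
# tokens are the ones the report flags; the hostname and paths are made up.
SAMPLE_SKILL_TEXT = """\
## Usage
Sync https://example.feishu.cn/wiki/RK4aw2SgriDqDNkB6NLcXhZhnFf
into https://example.feishu.cn/wiki/A770wxopAij0FPktwApceRuPnSe

Dry run:
  sync --from RK4aw2SgriDqDNkB6NLcXhZhnFf --to A770wxopAij0FPktwApceRuPnSe --dry-run

Internal API: https://example.feishu.cn/space/api/wiki/v2/tree/get_info?token={token}
Generic form: sync --from <source-url> --to <SAME_SOURCE> --api-key YOUR_API_KEY
Template:     sync --from <SOURCE_NODE_TOKEN_PLACEHOLDER>
Browser state is persisted in browser-state.json
"""


def shannon_entropy(s: str) -> float:
    """Bits per character of the literal's own symbol distribution (0.0 for 'aaaa')."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def is_placeholder(text: str, start: int, end: int) -> bool:
    """True when the run is wrapped in <...> or {...}, or is an ALL_CAPS name."""
    before = text[start - 1] if start > 0 else ""
    after = text[end] if end < len(text) else ""
    if (before, after) in (("<", ">"), ("{", "}")):
        return True
    return bool(ALLCAPS_RE.match(text[start:end]))


def looks_random(token: str) -> bool:
    """Require at least two character classes so long plain words and paths are skipped."""
    classes = (
        any(ch.islower() for ch in token),
        any(ch.isupper() for ch in token),
        any(ch.isdigit() for ch in token),
    )
    return sum(classes) >= 2


def find_secret_literals(text: str, min_entropy: float = 3.5) -> dict:
    """Map each flagged literal to the number of times it appears in the text."""
    found = Counter()
    for m in CANDIDATE_RE.finditer(text):
        token = m.group(0)
        if is_placeholder(text, m.start(), m.end()):
            continue
        if not looks_random(token) or shannon_entropy(token) < min_entropy:
            continue
        found[token] += 1
    return dict(found)


def redact_literals(text: str, tokens, prefix: str = "NODE_TOKEN") -> str:
    """Replace each flagged literal with <PREFIX_n>, numbered by first appearance."""
    ordered = sorted(tokens, key=text.find)
    for i, tok in enumerate(ordered, 1):
        text = text.replace(tok, f"<{prefix}_{i}>")
    return text


if __name__ == "__main__":
    findings = find_secret_literals(SAMPLE_SKILL_TEXT)
    for tok, n in findings.items():
        print(f"{tok}  entropy={shannon_entropy(tok):.2f} bits/char  occurrences={n}")
    print(redact_literals(SAMPLE_SKILL_TEXT, findings))
```

Running the module flags exactly the two node tokens (each twice, matching the report), leaves `{token}`, `<SAME_SOURCE>`, `YOUR_API_KEY` and `browser-state.json` alone, and emits the same skill text with `<NODE_TOKEN_1>` / `<NODE_TOKEN_2>` in place of the literals; a second scan of the redacted text finds nothing, which is the check to run before the examples are committed.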

Issues (3)

W007
HIGH

Insecure credential handling detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W008
HIGH

Secret detected in skill content (API keys, tokens, passwords).

Audit Metadata
Risk Level
HIGH
Analyzed
May 5, 2026, 12:25 PM
Issues
3