setup
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFECREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the
@getlark/cliglobal package usingnpm install -g. This is a vendor-supplied resource intended for the tool's core functionality. - [COMMAND_EXECUTION]: Modifies shell profile files such as
~/.zshrcand~/.bashrcto append environment variable exports for persistence. - [CREDENTIALS_UNSAFE]: Persists the
LARKCI_API_KEYin plain text within the user's shell configuration files, making it accessible to any process that can read those files. - [COMMAND_EXECUTION]: Suggests the use of
sudoin the recovery steps to overcome potential file system permission issues during global package installation.
Audit Metadata