skills/larksuite/cli/lark-apps/Gen Agent Trust Hub

lark-apps

Pass

Audited by Gen Agent Trust Hub on Jul 8, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides instructions for the agent to execute local development commands, including npm install, npm run dev, and several git operations (clone, commit, push, checkout) within the user's local workspace as part of the standard full-stack development workflow.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes +init and +git-credential-init to facilitate cloning application source code from the vendor's remote repositories to the user's local environment.
  • [DATA_EXFILTRATION]: The skill includes functionality to upload local application files, static HTML assets, and environment variables to the Miaoda platform. These are core features of the tool used for legitimate application hosting and management.
  • [CREDENTIALS_UNSAFE]: While the skill manages Git credentials and OpenAPI keys, it contains strict instructions for the agent never to print, log, or persist these secrets. It also uses a secure pattern where raw keys are only shown once upon creation or reset.
  • [SAFE]: The skill implements several safety 'guardrails,' such as an automatic interceptor that prevents the accidental publishing of local credential files (like .env or .aws/credentials) during HTML site deployment unless explicitly overridden by the user.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 8, 2026, 12:49 PM
Security Audit — agent-trust-hub — lark-apps