lark-vc

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill contains many commands that require inserting document/minute tokens (e.g., --doc <note_doc_token>, --token <whiteboard_token>) directly into CLI calls, which forces the agent to include secret-like tokens verbatim in generated commands/outputs, creating an exfiltration risk.