lx-block

SUSPICIOUS: the skill’s document-editing behavior is coherent and its apparent backend domains are official Lexiang/Tencent infrastructure, but it depends on an externally required `lx` CLI whose binary provenance is not publicly verifiable. Because that unverifiable CLI operates with authenticated session/token state to read and modify remote documents, the security risk is high even without direct evidence of malicious intent.