Is boyangwang/lark-calendar safe?

https://github.com/openclaw/skills/tree/main/skills/boyangwang/lark-calendar

97
SAFE

This is a legitimate calendar and task management skill for Lark (Feishu) integration. The code is clean, well-documented, and focused on its stated purpose with no malicious functionality detected.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (2)

LOW API credentials required in environment -5

Skill requires FEISHU_APP_ID and FEISHU_APP_SECRET environment variables for Lark API access. While this is standard practice, these credentials provide access to calendar and task data.

INFO Broad calendar system access -10

Skill provides comprehensive calendar and task management capabilities including create, read, update, delete operations across the entire Lark calendar system.