Trust Assessment
lark-calendar received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 1 high, 2 medium, and 0 low severity. Key findings include Unpinned npm dependency version, Suspicious Dependency Version (dotenv@17.2.3), Broad Path Traversal for Environment Variable Loading.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Suspicious Dependency Version (dotenv@17.2.3). `package.json` and `package-lock.json` resolve `dotenv` to `17.2.3`, fetched from `registry.npmjs.org` with a recorded integrity hash. The LLM layer flagged this version as absent from the public registry on the assumption that the current release line is 16.x; that assumption is stale (the dotenv 17.x line has been published on the public registry since mid-2025), so the severity should be confirmed rather than taken at face value. Note also that a version number cannot be typosquatted: only whoever holds publish rights for `dotenv` can publish a `dotenv` version, so the realistic risks behind a finding like this are a lockfile whose `resolved` URL points at a mirror or private registry that could serve a different artifact under the same name, or a lockfile whose `integrity` value was edited to match a tampered tarball. Check: `npm view dotenv@17.2.3 dist.integrity` must return the hash recorded in `package-lock.json`, and the `resolved` URL must be on `registry.npmjs.org`. If both hold, the finding is a false positive; if either fails, treat the lockfile as untrusted and regenerate it from a clean checkout. | LLM | package-lock.json:13 |
| HIGH | Broad Path Traversal for Environment Variable Loading. The skill loads environment variables from `../../../../.secrets.env`, a fixed relative path four directories above its own location. This is not attacker-controlled traversal, but it does mean the skill reads a file outside its own scope, and if the path is resolved against the process working directory rather than the module's location, which file is read depends on where the host launches the skill. In an environment that is not strictly sandboxed this is a route to reading and exfiltrating other `.env` files, configuration files or credentials in parent directories. Restrict the secrets path to the skill's own directory or a clearly defined, secure location and reject any path that resolves outside it. Preferably, have the host inject secrets into the environment at runtime so the skill reads no file at all; failing that, place `.secrets.env` in the skill's root directory. | LLM | lib/lark-api.mjs:7 |
| MEDIUM | Unpinned npm dependency version. `dotenv` is declared as the caret range `^17.2.3`, so any future 17.x release satisfies it. `package-lock.json` currently locks it to `17.2.3` and `npm ci` installs exactly that, so drift occurs only when the lockfile is absent, ignored, or regenerated with `npm install`. Pin to the exact version in `package.json` and install with `npm ci` in automation to reduce drift and supply-chain exposure. | Dependencies | skills/boyangwang/lark-calendar/package.json |
| MEDIUM | Excessive PII Collection from Lark Contact API. The `fetchEmployees` function in `lib/employees.mjs` fetches and caches extensive personally identifiable information from the Lark Contact API, including `email`, `mobile`, `department_ids` and `open_id`, when the `contact:contact:readonly` permission is granted. The skill's stated functionality (name resolution and display) uses only `user_id` and names, so it collects more sensitive data than those purposes require, enlarging the exposure if `employeeCache` is compromised, serialised to disk or written to logs. Review whether `email`, `mobile`, `department_ids` and `open_id` are used anywhere; if not, change `fetchEmployees` to request and store only the minimum needed (e.g. `user_id`, `name`, `en_name`, `nickname`), and scope the Lark app's permissions to the minimum data access as well. | LLM | lib/employees.mjs:62 |
Report: https://skillshield.io/report/42c80ee2a48ddc9b
Powered by SkillShield