aiskillstore/lark-shared
skills/larksuite/lark-shared/SKILL.md
飞书/Lark CLI 共享基础:应用配置初始化、认证登录(auth login)、身份切换(--as user/bot)、权限与 scope 管理、Permission denied 错误处理、安全规则。当用户需要第一次配置(`lark-cli config init`)、使用登录授权(`lark-cli auth login`)、遇到权限不足、切换 user/bot 身份、配置 scope、或首次使用 lark-cli 时触发。
$ install --global
skillsauthnpx skillsauth add aiskillstore/marketplace lark-sharedInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 10, 2026, 3:11 AM6.3s2 files scanned
SKILL.md
- name:
- lark-shared
- version:
- 1.0.0
- description:
- 飞书/Lark CLI 共享基础:应用配置初始化、认证登录(auth login)、身份切换(--as user/bot)、权限与 scope 管理、Permission denied 错误处理、安全规则。当用户需要第一次配置(`lark-cli config init`)、使用登录授权(`lark-cli auth login`)、遇到权限不足、切换 user/bot 身份、配置 scope、或首次使用 lark-cli 时触发。
lark-cli 共享规则
本技能指导你如何通过lark-cli操作飞书资源, 以及有哪些注意事项。
配置初始化
首次使用需运行 lark-cli config init 完成应用配置。
当你帮用户初始化配置时,使用background方式使用下面的命令发起配置应用流程,启动后读取输出,从中提取授权链接并发给用户:
# 发起配置(该命令会阻塞直到用户打开链接并完成操作或过期)
lark-cli config init --new
认证
身份类型
两种身份类型,通过 --as 切换:
| 身份 | 标识 | 获取方式 | 适用场景 |
|------|------|---------|---------|
| user 用户身份 | --as user | lark-cli auth login 等 | 访问用户自己的资源(日历、云空间等) |
| bot 应用身份 | --as bot | 自动,只需 appId + appSecret | 应用级操作,访问bot自己的资源 |
身份选择原则
输出的 [identity: bot/user] 代表当前身份。bot 与 user 表现差异很大,需确认身份符合目标需求:
- Bot 看不到用户资源:无法访问用户的日历、云空间文档、邮箱等个人资源。例如
--as bot查日程返回 bot 自己的(空)日历 - Bot 无法代表用户操作:发消息以应用名义发送,创建文档归属 bot
- Bot 权限:只需在飞书开发者后台开通 scope,无需
auth login - User 权限:后台开通 scope + 用户通过
auth login授权,两层都要满足
权限不足处理
遇到权限相关错误时,根据当前身份类型采取不同解决方案。
错误响应中包含关键信息:
permission_violations:列出缺失的 scope (N选1)console_url:飞书开发者后台的权限配置链接hint:建议的修复命令
Bot 身份(--as bot)
将错误中的 console_url 提供给用户,引导去后台开通 scope。禁止对 bot 执行 auth login。
User 身份(--as user)
lark-cli auth login --domain <domain> # 按业务域授权
lark-cli auth login --scope "<missing_scope>" # 按具体 scope 授权(推荐,符合最小权限原则)
规则:auth login 必须指定范围(--domain 或 --scope)。多次 login 的 scope 会累积(增量授权)。
Agent 代理发起认证(推荐)
当你作为 AI agent 需要帮用户完成认证时,使用background方式 执行以下命令发起授权流程, 并将授权链接发给用户:
# 发起授权(阻塞直到用户授权完成或过期)
lark-cli auth login --scope "calendar:calendar:readonly"
安全规则
- 禁止输出密钥(appSecret、accessToken)到终端明文。
- 写入/删除操作前必须确认用户意图。
- 用
--dry-run预览危险请求。
Related Skills
aiskillstore/hig-components-content
development
VerifiedTrustedCommunity
Apple Human Interface Guidelines for content display components. Use this skill when the user asks about charts component, collection view, image view, web view, color well, image well, activity view, lockup, data visualization, content display, displaying images, rendering web content, color pickers, or presenting collections of items in Apple apps. Also use when the user says how should I display charts, what's the best way to show images, should I use a web view, how do I build a grid of items, what component shows media, or how do I present a share sheet. Cross-references: hig-foundations for color/typography/accessibility, hig-patterns for data visualization patterns, hig-components-layout for structural containers, hig-platforms for platform-specific component behavior.
244SKILL.mdUpdated Apr 10, 2026
aiskillstore/helpdesk-automation
tools
VerifiedTrustedCommunity
Automate HelpDesk tasks via Rube MCP (Composio): list tickets, manage views, use canned responses, and configure custom fields. Always search tools first for current schemas.
244SKILL.mdUpdated Apr 10, 2026
aiskillstore/haskell-pro
testing
VerifiedTrustedCommunity
Expert Haskell engineer specializing in advanced type systems, pure functional design, and high-reliability software. Use PROACTIVELY for type-level programming, concurrency, and architecture guidance.
244SKILL.mdUpdated Apr 10, 2026
aiskillstore/graphql
tools
VerifiedTrustedCommunity
GraphQL gives clients exactly the data they need - no more, no less. One endpoint, typed schema, introspection. But the flexibility that makes it powerful also makes it dangerous. Without proper controls, clients can craft queries that bring down your server. This skill covers schema design, resolvers, DataLoader for N+1 prevention, federation for microservices, and client integration with Apollo/urql. Key insight: GraphQL is a contract. The schema is the API documentation. Design it carefully.
244SKILL.mdUpdated Apr 10, 2026