Stats
Actions
Tags
From governance
Read-only scan of Drive/Doc/Wiki/Base for risky permissions (public, external, PII). Triggers "permission audit", "quét quyền", "PII leak".
How this skill is triggered — by the user, by Claude, or both
Slash command
/governance:permission-auditThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Read-only scan → one severity-ranked report. No auto-fix, no
Read-only scan → one severity-ranked report. No auto-fix, no auto-revoke, no notification.
Verbs (the installed lark-* skills): drive +search
(--doc-types/--folder-tokens/--space-ids/--creator-ids — inventory
files; NO permission flag), docs +fetch (content for PII scan),
base +table-list. Raw CLI has no verb that returns per-file
share/permission state — get permission metadata via the atomic
lark-drive skill (or note the gap in the report). Atomic shapes +
token flags: connectors/LARK-RECIPES.md.
--folder-tokens, --space-ids, --creator-ids. >1000 items →
warn + suggest batching.drive +search --doc-types doc,sheet,bitable,file --folder-tokens <t> --jq '.data' (peek shape; + --space-ids for
wiki; needs search:docs:read scope). Permission state → atomic
lark-drive skill per item (batch). Cache for the session — no re-fetch.public-internet → HIGH (CRIT if
strict policy) · anyone-with-link → MED · external_users >0 →
MED (HIGH if folder is Confidential/HR/Finance) · inactive_owner
→ MED.docs +fetch --doc <url> --limit 1 (cap content), regex memory/regulated-data-types.md:
VN CCCD \b\d{9}\b|\b\d{12}\b, Luhn-valid 13-19 digit cards,
email+phone batch (>10/file), API keys (sk-, ghp_, AKIA,
xoxb-). Each match: severity +1, mask 50% digits.incident-log.md — already-raised → mark RECURRENT.+update/+apply-permission/+delete.
"Fix luôn" → redirect to admin Lark UI or offer a task (confirm).4111-****-****-1234, CCCD 3+3 digits only.403 → skip silent, no brute force.memory/policies.md §.Required: policies.md (sharing rules + severity map),
regulated-data-types.md (PII patterns).
Recommended: incident-log.md (dedupe recurrent).
Empty memory → conservative defaults (anyone-with-link = HIGH) +
warning to set up policies.md.
npx claudepluginhub larkcowork/lark-cowork-plugins --plugin governanceProvides UI/UX resources: 50+ styles, color palettes, font pairings, guidelines, charts for web/mobile across React, Next.js, Vue, Svelte, Tailwind, React Native, Flutter. Aids planning, building, reviewing interfaces.
Fetches up-to-date documentation from Context7 for libraries and frameworks like React, Next.js, Prisma. Use for setup questions, API references, and code examples.