dingtalk-log

Security checks across malware telemetry and agentic risk

Overview

This is a coherent instruction-only DingTalk log lookup helper, but it requires corporate DingTalk app credentials and can retrieve sensitive employee logs if used broadly.

Use this only with authorization to access your organization's DingTalk logs. Provide least-privilege DingTalk app credentials, prefer narrow employee/template/time filters, confirm before all-company queries, and avoid storing or sharing access tokens and employee log contents unnecessarily.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
Severity: Low
What this means

Anyone using the skill may expose corporate DingTalk log access to the agent if they provide app credentials or tokens.

Why it was flagged

The skill requires DingTalk application credentials, an access token, and permission to query enterprise employee logs. This is expected for the stated integration, but it is sensitive delegated account access.

Skill content
The application must be granted the "Query enterprise employee logs" permission in advance ... appKey ... appSecret ... access_token ... must be cached to avoid frequent calls
Recommendation

Use a least-privilege DingTalk app, protect appSecret/access_token values, rotate them if exposed, and avoid giving the agent broader DingTalk permissions than needed.

ASI02: Tool Misuse and Exploitation
Severity: Low
What this means

A broad query could pull many employee log records into the agent's context or output.

Why it was flagged

The documented API workflow can retrieve all enterprise logs in the requested time range by omitting filters and continuing pagination. This matches the skill purpose but can be broad if used without explicit scope.

Skill content
To query all enterprise logs, leave both `template_name` and `userId` empty; ... if `has_more=true`, continue calling with `next_cursor` as the new cursor
Recommendation

Specify the intended employee, template, and time range whenever possible, and require explicit confirmation before running an all-company log query.

ASI06: Memory and Context Poisoning
Severity: Low
What this means

Employee log text and identities may appear in the conversation, summaries, or downstream processing if the user asks the agent to analyze the results.

Why it was flagged

Returned records include employee identities and arbitrary log content. That content may be sensitive and should be treated as retrieved data, not as instructions to the agent.

Skill content
`contents`: the actual log content (key-value pairs) ... `creator_id` ... `creator_name` ... `template_name`
Recommendation

Limit returned fields where possible, avoid storing log contents in long-term memory, and instruct the agent to treat retrieved log text as untrusted data.