DingTalk AI Table

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed DingTalk AI Table automation skill; it can modify or delete table data, but the artifacts do not show hidden execution, exfiltration, or purpose-mismatched behavior.

Install this only if you intend to let the agent operate on DingTalk AI Tables through your MCP URL. Treat DINGTALK_MCP_URL like a password, set OPENCLAW_WORKSPACE to a limited folder, and require explicit confirmation plus a backup or test table before bulk imports, updates, schema changes, or deletions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 86%
Finding
The documentation promotes automatic field mapping, validation, error handling, and bulk import/update flows without any warning about destructive or unintended data changes. In a skill that can create bases, modify schema, and batch update records, this omission can normalize unsafe usage and increase the chance of unauthorized, mistaken, or large-scale data modification.

Missing User Warnings

Medium
Confidence: 90%
Finding
The guide provides direct examples for creating, updating, deleting, and bulk importing records in a live data system without any nearby warning that these operations are state-changing and may permanently modify or remove user data. In an agent/skill context, this increases the risk of accidental destructive use, especially when users copy commands verbatim against production Base/Table IDs.

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill exposes destructive operations such as delete_base, delete_table, delete_field, and delete_records but does not pair them with explicit warnings about permanence, data loss, or confirmation requirements. In an automation context, this omission can lead to accidental irreversible deletion of business data if a user prompt is ambiguous or the agent chooses a destructive tool path automatically.

VirusTotal

65/65 vendors flagged this skill as clean.
