ClawHub

DingTalk Push

Security checks across malware telemetry and agentic risk

Overview

This skill transparently sends user-provided notifications to a configured DingTalk group webhook, with normal integration risks but no evidence of hidden or malicious behavior.

Install this only if you intend the agent to post messages into your DingTalk group. Treat the webhook URL and signing secret as credentials, use the official HTTPS DingTalk webhook, avoid sending secrets or sensitive personal data in notifications, and be careful with automated workflows or @all messages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README clearly documents sending user-provided message content to a DingTalk webhook, which is an external third-party service, but it does not explicitly warn users about the data egress or advise against sending sensitive information. This can lead operators or downstream skills to transmit secrets, internal status data, or personal information off-system without informed consent, especially because the skill is designed for easy automation and import by other skills.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill documentation instructs the agent to send content, including optional @mentions and @all notifications, to an external DingTalk group via webhook but does not clearly warn the user that their supplied message will leave the local environment. This can lead to unintended disclosure of sensitive information, accidental mass notifications, or social/operational disruption if a user does not realize the action targets an external chat group.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal