ClawHub

Dingtalk Csa

Security checks across malware telemetry and agentic risk

Overview

This DingTalk document skill appears purpose-aligned, but it includes write-capable examples that can overwrite enterprise documents without strong guardrails.

Review before installing. Use only with least-privilege DingTalk credentials, restrict write access to disposable or approved folders, and do not run the overwriteContent examples on real documents unless you have a backup and explicit approval from the document owner.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The guide includes a live verification command that calls an overwriteContent endpoint against an existing document ID, which will modify remote data if a user substitutes real values and runs it. Because the example is presented as a routine permission test without an explicit destructive-action warning or safer alternative, it can cause accidental content loss or document corruption.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger description is broad enough to match generic file analysis, report generation, and collaboration requests, which can cause the skill to activate in situations beyond explicit DingTalk cloud-storage operations. In an agentic environment, over-broad routing increases the chance of unintended access to enterprise file data or write-capable tooling being invoked for loosely related prompts.

External Transmission

Medium
Category
Data Exfiltration
Content
# 4. 测试文档写入(验证 Storage.File.Write)
echo "=== 测试文档写入 ==="
curl -s -X POST "https://api.dingtalk.com/v1.0/doc/suites/documents/YOUR_DOC_ID/overwriteContent?operatorId=YOUR_UNION_ID" \
  -H "x-acs-dingtalk-access-token: $TOKEN" \
  -H 'Content-Type: application/json' \
  -d '{"content": "# Test", "dataType": "markdown"}' | python3 -m json.tool
Confidence
88% confidence
Finding
curl -s -X POST "https://api.dingtalk.com/v1.0/doc/suites/documents/YOUR_DOC_ID/overwriteContent?operatorId=YOUR_UNION_ID" \ -H "x-acs-dingtalk-access-token: $TOKEN" \ -H 'Content-Type: applicatio

External Transmission

Medium
Category
Data Exfiltration
Content
# 4. 测试文档写入(验证 Storage.File.Write)
echo "=== 测试文档写入 ==="
curl -s -X POST "https://api.dingtalk.com/v1.0/doc/suites/documents/YOUR_DOC_ID/overwriteContent?operatorId=YOUR_UNION_ID" \
  -H "x-acs-dingtalk-access-token: $TOKEN" \
  -H 'Content-Type: application/json' \
  -d '{"content": "# Test", "dataType": "markdown"}' | python3 -m json.tool
Confidence
88% confidence
Finding
https://api.dingtalk.com/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# 覆写整个文档(Markdown格式)
curl -X POST "https://api.dingtalk.com/v1.0/doc/suites/documents/{documentId}/overwriteContent?operatorId=<unionId>" \
  -H "x-acs-dingtalk-access-token: <TOKEN>" \
  -H 'Content-Type: application/json' \
  -d '{"content": "# Markdown Content", "dataType": "markdown"}'
Confidence
84% confidence
Finding
https://api.dingtalk.com/

External Transmission

Medium
Category
Data Exfiltration
Content
-d '{"content": "# Markdown Content", "dataType": "markdown"}'

# 追加内容到文档
curl -X POST "https://api.dingtalk.com/v1.0/doc/suites/documents/{documentId}/content?operatorId=<unionId>" \
  -H "x-acs-dingtalk-access-token: <TOKEN>" \
  -H 'Content-Type: application/json' \
  -d '{"content": {"type": "markdown", "content": "## New Section"}}'
Confidence
80% confidence
Finding
https://api.dingtalk.com/

External Transmission

Medium
Category
Data Exfiltration
Content
### 5. 创建文件夹(写 ⚠️ 检查白名单)

```bash
curl -X POST "https://api.dingtalk.com/v1.0/storage/spaces/{spaceId}/dentries/{parentId}/folders" \
  -H "x-acs-dingtalk-access-token: <TOKEN>" \
  -H 'Content-Type: application/json' \
  -d '{"unionId": "<unionId>", "name": "New Folder"}'
Confidence
86% confidence
Finding
https://api.dingtalk.com/

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal