Dingtalk Ai Table Only Curl
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This DingTalk table skill appears purpose-aligned, but it can modify or delete business table data and stores DingTalk credentials locally, so it should be reviewed before use.
Install only if you intend to let the agent operate on DingTalk AI tables. Use a least-privilege DingTalk application, verify the target base/sheet/record IDs, require confirmation before any update or delete, and protect or remove the local ~/.dingtalk-skills/config file when finished.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent selects the wrong table, sheet, or record IDs, it could update or delete real DingTalk table data.
The skill documents direct write and delete operations against DingTalk AI table records. These are purpose-aligned, but they can alter or remove business data and the record deletion flow does not clearly require explicit user confirmation or a dry-run summary.
## 11. 更新记录 ... PUT https://api.dingtalk.com/v1.0/notable/bases/{base_id}/sheets/{sheet_id}/records?operatorId={OPERATOR_ID} ... ## 12. 删除记录 ... POST https://api.dingtalk.com/v1.0/notable/bases/{base_id}/sheets/{sheet_id}/records/delete?operatorId={OPERATOR_ID}Require explicit user confirmation before every write/delete, show the base/sheet/record targets first, and prefer a dry-run or preview step for destructive operations.
Generated shell scripts may affect the local environment if constructed incorrectly or if unsafe values are inserted into commands.
The skill intentionally has the agent generate and execute temporary shell scripts. This is related to its curl-based workflow, but it means local shell code will run and user-provided values need careful quoting.
凡是包含变量替换、管道或多行逻辑的命令,写入 `/tmp/<task>.sh` 再 `bash /tmp/<task>.sh` 执行。
Review generated scripts before execution, use safe temporary-file creation such as mktemp, quote variables carefully, and avoid inserting untrusted text directly into shell code.
Anyone or any process that can read the config file may be able to reuse the stored DingTalk credentials or tokens.
The helper stores DingTalk app secrets and access tokens in a persistent local config file. This is expected for DingTalk API access, but it is sensitive account authority.
CONFIG="${DINGTALK_CONFIG:-$HOME/.dingtalk-skills/config}" ... DINGTALK_APP_SECRET ... DINGTALK_ACCESS_TOKEN ... DINGTALK_OLD_TOKENUse a least-privilege DingTalk app, restrict permissions on the config file, avoid sharing the machine/account, and clear cached tokens when no longer needed.