Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Dingtalk Calendar Only Curl

v0.1.0

DingTalk schedules and calendar. Triggers when the user mentions "DingTalk schedule", "calendar", "create schedule", "new meeting", "video meeting", "DingTalk meeting", "meeting room", "book a meeting room", "meeting room availability", "free meeting room", "sign in", "sign out", "sign-in link", "sign-out link", "recurring schedule", "repeating schedule", "recurrence", "look up schedules", "schedule list", "modify schedule", "delete sch...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The skill's name and description (DingTalk calendar operations) align with the included code and API calls. The bundled scripts and SKILL.md implement calendar CRUD, meeting-room queries, sign-in/sign-out, and token management, all consistent with the stated purpose. However, the registry metadata lists no required environment variables or credentials, while SKILL.md and the scripts clearly require an AppKey, AppSecret, userId and unionId; this is an incoherence between the declared metadata and the skill's actual needs.
Instruction Scope
SKILL.md instructs the agent to use scripts/dt_helper.sh to read and write a local config (~/.dingtalk-skills/config), obtain tokens, build /tmp/<task>.sh and execute it, and call only DingTalk API endpoints. These actions are within the calendar skill's scope, but the instructions grant the agent the ability to write a persistent config containing secrets and to create and execute arbitrary shell scripts in /tmp, behavior that merits awareness and review.
Install Mechanism
There is no external install or download step; the skill consists of instructions plus a bundled helper script. No remote code is downloaded or extracted from untrusted URLs. The installation surface is minimal (no package installs).
Credentials
The helper requires sensitive values (DINGTALK_APP_KEY, DINGTALK_APP_SECRET, DINGTALK_MY_USER_ID, DINGTALK_MY_OPERATOR_ID), which are appropriate for DingTalk API access. The problem is that the registry declares no required environment variables or primary credential: a metadata mismatch. Additionally, secrets are persisted to ~/.dingtalk-skills/config with no explicit file-permission hardening in the script, which could expose credentials on multi-user systems if the file's permissions are not restrictive.
Persistence & Privilege
The skill creates and persists a local config file and token cache in the user's home directory (normal for API helpers). always:false is set, and no cross-skill or system config modifications are present. Autonomous invocation is allowed (platform default); combine this with the notes above when reasoning about risk.
What to consider before installing
What to check before installing:

1) Metadata mismatch: the package metadata lists no required credentials, but the skill needs your DingTalk AppKey/AppSecret and user IDs; only proceed if you trust the source.
2) Inspect scripts/dt_helper.sh yourself: it stores secrets in ~/.dingtalk-skills/config and caches tokens; ensure the config file's permissions are set restrictively (e.g., chmod 600) after creation.
3) Use a least-privilege DingTalk app (limit scopes to calendar-only) and an app secret you can rotate.
4) Be aware that the agent will create and execute scripts under /tmp and call DingTalk endpoints with your token; avoid installing on shared or high-value environments unless you review or modify the helper to enforce stricter file handling.
5) If you need stronger assurance, ask the publisher to update the package metadata to declare the required environment variables and to add explicit safe handling (permissions) for the credential file.
