Dingtalk Calendar Only Curl
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This looks like a legitimate DingTalk calendar helper, but it can change calendar data and stores DingTalk app credentials/tokens locally.
Install only if you intend to let the agent manage DingTalk calendar items. Use a least-privilege DingTalk app, protect the local config file, and confirm any create/update/delete, meeting-room, or sign-in/sign-out action before it runs.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone who can read the config file may be able to reuse the DingTalk app secret or cached tokens with whatever permissions the DingTalk app has been granted.
The helper stores the DingTalk app secret and both new/old token caches in a local config file, making local file protection and app-scope limits important.
~/.dingtalk-skills/config in key=value format, storing the following keys: ... DINGTALK_APP_SECRET ... DINGTALK_ACCESS_TOKEN ... DINGTALK_OLD_TOKEN
Use a dedicated DingTalk app with only the needed calendar/user-lookup permissions, protect ~/.dingtalk-skills/config with restrictive file permissions, and clear cached tokens when no longer needed.
A mistaken event ID, time range, or user identity could create, update, or delete the wrong DingTalk calendar entry or meeting-room booking.
The documented API operations include destructive calendar mutations such as deleting events, which is expected for a calendar-management skill but should be user-confirmed.
## 5. Delete calendar event
**DELETE** `/v1.0/calendar/users/{unionId}/calendars/primary/events/{eventId}`
Confirm the target calendar user, event ID, time, and intended action before running create/update/delete or room/sign-in operations.
If generated shell commands are wrong or include unintended user input, they could run incorrectly on the local machine or expose tokens in process/script content.
The skill instructs the agent to write and execute temporary shell scripts for API calls. This is aligned with the curl-based design, but it is still local command execution.
Execute API → write multi-line logic to `/tmp/<task>.sh` and then run it; heredoc is forbidden.
Review generated shell scripts for destructive commands and sensitive values, and prefer restrictive temporary-file permissions when possible.
Users may not realize from registry metadata alone that setup requires sensitive DingTalk app credentials and local script execution.
The registry metadata does not declare provenance, credentials, or environment requirements even though the included SKILL.md and helper require DingTalk app configuration and local shell tooling.
Source: unknown; Homepage: none; Required env vars: none; Primary credential: none; No install spec
Read the SKILL.md and helper before use; publishers should declare the DingTalk credential/config requirements and source provenance in metadata.
