ClawHub
Back to skill
v1.0.0

Dingtalk Docs 0.3.1

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 6:31 AM.

Analysis

This skill is a coherent DingTalk Docs integration, but users should notice that it uses a token-bearing DingTalk MCP URL and can read, create, and overwrite cloud documents when directed.

GuidanceInstall only if you want an agent to manage DingTalk cloud documents for the configured account. Protect the DingTalk MCP URL because it contains an access token, and carefully confirm the target document and overwrite-versus-append choice before any write operation.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityMediumConfidenceHighStatusNote
SKILL.md
"写入前必须确认 updateType" -- "0=覆盖(清空后写入),1=续写(追加到末尾)"

The skill can write to cloud documents, including an overwrite mode that clears existing content, but it explicitly requires confirmation of the update mode.

User impactA mistaken overwrite choice could replace existing document content.
RecommendationBefore allowing a write, confirm the target document and whether the action should overwrite or append.
Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
package.json
"peerDependencies": { "mcporter": ">=0.7.0" }, "requiresBinaries": [ "mcporter" ]

The package depends on an external globally installed CLI with a lower-bound version rather than an exact pinned version.

User impactThe behavior also depends on the installed mcporter binary and its configuration.
RecommendationInstall mcporter from a trusted source and keep it updated; verify the configured DingTalk service before use.
Unexpected Code Execution
SeverityLowConfidenceHighStatusNote
scripts/mcporter_utils.py
command = ['mcporter', 'call', tool, '--output', 'json'] ... subprocess.run(command, capture_output=True, text=True, timeout=timeout)

The helper scripts execute the local mcporter CLI. This is central to the skill's purpose and uses argument lists rather than shell execution.

User impactRunning the included helper scripts will invoke local commands and contact the configured DingTalk service.
RecommendationRun the scripts only when you intend to perform the described document operation, and avoid running them with elevated privileges.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityMediumConfidenceHighStatusNote
package.json
"name": "DINGTALK_MCP_DOCS_URL", "description": "钉钉文档服务的 Streamable HTTP 地址(含访问令牌)"

The skill uses a DingTalk MCP URL that contains an access token, giving it the user's DingTalk Docs authority through the configured service.

User impactAnyone using this skill with that configured URL lets the agent act on DingTalk documents available to that account.
RecommendationUse only a trusted DingTalk MCP URL, protect it like a password, and revoke or rotate it if it is no longer needed.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
SeverityLowConfidenceHighStatusNote
README.md
访问 [钉钉 MCP 广场](https://mcp.dingtalk.com) ... mcporter config add dingtalk-docs --url "<你的_URL>"

Document operations are routed through a configured DingTalk MCP endpoint, so document content and metadata can pass through that provider connection.

User impactYour document titles, IDs, and content may be exchanged with the configured DingTalk MCP service during reads and writes.
RecommendationUse the official DingTalk MCP configuration source and avoid pasting the token-bearing URL into logs, chats, or shared files.