Skill v1.0.0

ClawScan security

Dingtalk · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 5, 2026, 5:22 PM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The plugin's code, instructions, and requested inputs are coherent with a DingTalk channel integration — nothing in the files indicates hidden exfiltration or unrelated credential requests, but the package's unknown origin and minor metadata inconsistencies warrant caution.
Guidance
This plugin appears to do what it says: integrate OpenClaw with DingTalk using either an app key/secret or a group webhook. Before installing, consider: (1) the package has no homepage or repository listed and the publisher identity is unclear — prefer plugins from a known org or official repo; (2) the plugin will read DINGTALK_CLIENT_ID/DINGTALK_CLIENT_SECRET (and alternate env names) — provide least-privilege app credentials and rotate them if possible; (3) if you choose file-based config, be careful storing secrets in plaintext config files — prefer environment variables or secret storage; (4) review network exposure for your OpenClaw Gateway (callback URL and IP whitelisting) as noted in docs; (5) because source files are included, you can inspect or vendor the code in your environment before enabling it. If you want higher assurance, ask the publisher for a repo/homepage and a signed release or install the plugin from a trusted source.

Review Dimensions

Purpose & Capability
ok
Name, description, SKILL.md, and the TypeScript code all implement a DingTalk channel plugin: fetching access tokens, sending messages via API and webhook, receiving callbacks, onboarding UI, and a probe. The config/env vars referenced (DINGTALK_CLIENT_ID/SECRET and webhook URL/secret) match the stated purpose.
Instruction Scope
ok
SKILL.md instructs only on configuring credentials, webhook URLs, and the gateway callback — the runtime code only calls DingTalk endpoints (oapi.dingtalk.com) and does not read unrelated files, system configs, or contact external domains beyond DingTalk/webhook URLs.
Install Mechanism
note
There is no external download/install spec (lower risk). However, this skill is not purely instruction-only: it includes source files and package.json/openclaw.plugin.json describing an extension path. That is coherent for a plugin but means code will run in the host if installed — there are no third-party downloads or obscure URLs.
Credentials
note
The registry metadata listed no required env vars, but SKILL.md and the code expect optional environment variables (DINGTALK_CLIENT_ID/SECRET and alternate names DINGTALK_APP_KEY/APP_SECRET). These env reads are appropriate for the plugin's function, but the registry should declare them explicitly. No unrelated credentials are requested.
Persistence & Privilege
ok
The skill does not set always:true and makes no attempt to modify other skills or system settings. It will run as a channel plugin within OpenClaw's extension system when installed — standard and appropriate for its purpose.