Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Dingtalk CLI SKILL

v1.0.13

Dingtalk CLI SKILL / 钉钉 dingding / dingtalk dws skill — Manage DingTalk products (AI forms, calendar, contacts, bots, todos, approvals, attendance, reports,...

by 花渡 (@cizixiu)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description match the declared requirements: it expects the dws CLI and DingTalk credentials (DWS_CLIENT_ID/SECRET), which are appropriate for a dws-based skill. However, the package includes many helper Python scripts and internal docs while registry metadata claimed 'instruction-only'—this mismatch is unexpected but could be legitimate (bundled helper scripts).
Instruction Scope
SKILL.md instructs only to use the dws CLI (auth login and various dws commands) and references the included scripts for attachments/automation. It does not instruct the agent to read unrelated system files or exfiltrate data. It does, however, instruct running a browser-based QR login (normal for OAuth device flow).
Install Mechanism
SKILL.md contains an install entry that downloads a dws-windows-amd64.zip from a GitHub repo (github.com/DingTalk-Real-AI/...), with a SHA256. Registry metadata claimed 'No install spec', creating an inconsistency. The URL is a GitHub release (lower risk than arbitrary server) but points to a project/repo that is not clearly official; the artifact is Windows-only (dws-windows-amd64.zip / dws.exe) while the skill has no OS restriction—this Windows-specific install + cross-platform scripts is mismatched and should be validated.
Credentials
Requested env vars (DWS_CLIENT_ID, DWS_CLIENT_SECRET, DWS_CONFIG_DIR, DWS_SERVERS_URL) are consistent with a CLI that supports headless auth and custom endpoints. They are proportional to the claimed functionality. Caution: DWS_SERVERS_URL can point the CLI to arbitrary service endpoints; providing client secret to an untrusted skill or binary from an unverified repo increases exposure.
Persistence & Privilege
Skill is not marked always:true and does not request system-wide privileged changes in its docs. It uses local CLI/auth flow and scripts stored under a skill directory—no evidence it alters other skills or global agent settings.
What to consider before installing
This skill mostly matches its stated purpose (it is a wrapper/guide for the dws DingTalk CLI), but there are red flags you should address before installing:
- Verify provenance: the package owner and homepage are missing; the install URL points to a GitHub repo that may not be the official DingTalk/dingtalk project. Confirm the repo is trustworthy before downloading executables.
- Confirm the binary: if you plan to use the included install URL, manually download and verify the SHA256 checksum and inspect the binary/source. Prefer to download from the official DingTalk org if available.
- OS mismatch: the SKILL.md's install step provides a Windows dws.exe; ensure this fits your OS or that a proper build exists for your platform.
- Protect credentials: the skill requests DWS_CLIENT_ID and DWS_CLIENT_SECRET (normal for headless auth). Only set these for a CLI/binary you trust. Avoid pasting secrets into unreviewed install scripts.
- Inspect bundled scripts: the package includes multiple Python helper scripts (upload_attachment.py, calendar schedulers, etc.). Review them for network endpoints or unexpected behavior before running.
- Least privilege: consider using a test DingTalk account or limited-scope app credentials when first enabling the skill.
If you cannot verify the download/source or review the scripts, treat the skill as untrusted and do not provide your production client secret or point DWS_SERVERS_URL to non-official endpoints.

Like a lobster shell, security has layers — review code before you run it.

Tags: calendar, cizixiu, cli, dingding, dingtalk, dingtalk-cli, dingtalk-cli-skill, dws, latest, official, todo


Runtime requirements

Bins: dws
Env: DWS_CLIENT_ID, DWS_CLIENT_SECRET, DWS_CONFIG_DIR, DWS_SERVERS_URL
Primary env: DWS_CLIENT_ID
