ClawHub

Dingtalk Docs Skill

Security checks across malware telemetry and agentic risk

Overview

This skill clearly describes a DingTalk Docs integration with sensitive document access, but the access is purpose-aligned and most high-impact actions require user confirmation.

Install only if you intend to let your agent access and manage DingTalk documents. Treat the MCP URL as a secret, confirm the DingTalk workspace before uploads/exports/permission changes, and be careful with project-level installs because the optional default workspace config may be written into the skill directory.

Publisher note

支持钉钉文档通过skill进行管理(需要配置钉钉文档MCP)

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill explicitly labels get_document_content as high-sensitivity but does not require user notification, confirmation, or scope limitation before retrieving document bodies. In an agent setting, this can enable silent access to confidential enterprise content and subsequent leakage into prompts, logs, or downstream tools.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The upload flow describes an external HTTP PUT to OSS but does not warn that local file contents leave the local environment and are transmitted to a remote storage service. In practice, an agent could upload sensitive local files without the user understanding that raw file data is being exfiltrated to an external system.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The export workflow creates downloadable copies of document data but omits any notice that exporting generates additional distributable artifacts such as PDF or Word files. This increases the risk of uncontrolled duplication, persistence, and sharing of sensitive document contents outside the original access context.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The attachment and file download operations retrieve document or file contents, yet the reference omits a privacy warning or confirmation requirement. In an agent workflow, this can lead to silent downloading of sensitive attachments or files and unintended exposure through local storage, logs, or subsequent processing.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal