Dingtalk Attendance

Security checks across malware telemetry and agentic risk

Overview

This DingTalk attendance skill appears purpose-built, but it deserves Review because it can access and locally store sensitive employee attendance data with limited scoping and controls.

Install only if you are authorized to access your organization’s DingTalk attendance data. Use a least-privileged DingTalk app, protect the AppSecret and admin phone configuration, avoid running broad queries unless needed, and secure or regularly delete the generated SQLite cache/history file. I did not find artifact-backed deception, destructive behavior, or non-DingTalk exfiltration, but the sensitive employee data access and persistence need careful review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The instruction to search the user's home directory with find ~ grants broader filesystem discovery than needed for an attendance query. Even if the goal is only to locate the script, this pattern can enumerate unrelated files and project names in the home directory, exposing sensitive local information beyond the skill's stated purpose.

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
The skill requires reading DINGTALK_APPKEY, DINGTALK_APPSECRET, and ADMIN_PHONE, which are sensitive operational values, without clearly constraining their handling in the manifest. Accessing secrets and administrator identifiers expands the data exposure surface, especially when combined with external API calls and local persistence.

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The skill includes a mobile-number-to-userid lookup capability that is not necessary for basic attendance querying and expands the tool into employee directory/identity resolution. In this script it is used to resolve an admin/operator account, but the presence of a broader lookup primitive increases the chance of employee enumeration and privacy misuse if exposed through the skill surface or repurposed later.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill tells the agent to use sensitive credentials and transmit attendance data to an external API, but it does not clearly warn the user about credential handling, external transmission, or privacy implications. Because attendance records are employee data and the skill also stores results locally, the lack of disclosure meaningfully increases privacy and compliance risk.

Missing User Warnings

Medium
Confidence: 94%
Finding
The script stores attendance history, user identifiers, names, and cached identifiers in a local SQLite database for up to 7 days without access controls, encryption, minimization, or disclosure. This creates a local privacy and confidentiality risk because anyone with filesystem access to the host can read sensitive employee attendance anomalies and identity mappings.

VirusTotal

65/65 vendors flagged this skill as clean.
