Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ding Skills

v2.3.1

Web scraping using local Crawl4AI instance. Use for fetching full page content with JavaScript rendering. Better than Tavily for complex pages. Unlimited usage.

1 · 285 · 0 current · 0 all-time
by Hione (@hione) · owner
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The top-level description/registry metadata describes a web-scraping/Crawl4AI skill, but the SKILL.md and the 45 included Python scripts implement DingTalk (钉钉) operations (user/department management, messages, approvals, calendar, docs). This is a major mismatch: the claimed purpose (scraping) does not match the actual capability (DingTalk API client).
Instruction Scope
The SKILL.md gives concrete workflows and commands that map to the bundled scripts (e.g., search_user.py → get_user.py → create_schedule_conference.py). The runtime instructions require DINGTALK_APP_KEY, DINGTALK_APP_SECRET and optionally DINGTALK_ROBOT_CODE, and the scripts call only DingTalk API endpoints. There is no instruction to read unrelated system files or exfiltrate data to unknown endpoints.
Install Mechanism
There is no install spec (instruction-only), but many code files are included in the bundle. This is not inherently malicious, but surprising: an instruction-only skill normally has little or no code. The code is plain Python and uses requests; no external download URLs or extract steps are present.
Credentials
The SKILL.md clearly requires DINGTALK_APP_KEY and DINGTALK_APP_SECRET (and optionally DINGTALK_ROBOT_CODE) to function. However the registry metadata shown above lists no required environment variables or primary credential. This inconsistency could mislead users about what secrets they must provide. The requested credentials (DingTalk app key/secret) are proportional to the actual DingTalk functionality, but they are absent from the declared requirements.
Persistence & Privilege
The skill is not marked always:true and does not request elevated system-wide privileges. When invoked it makes network calls to api.dingtalk.com and oapi.dingtalk.com, which is expected for a DingTalk integration.
Scan Findings in Context
[no_findings] unexpected: Static pre-scan reported no findings. That does not negate the larger incoherence: registry metadata/description claim a different purpose (web scraping) while the SKILL.md and code implement DingTalk API functionality and require app credentials.
What to consider before installing
Do not install or provide credentials until the publisher/source is verified. Key concerns: (1) The skill's registry description claims a web-scraper, but the package actually contains a full DingTalk API client — this mismatch could be accidental or malicious. (2) The SKILL.md requires DINGTALK_APP_KEY and DINGTALK_APP_SECRET (and optionally DINGTALK_ROBOT_CODE); the registry metadata omitted these — supplying them gives the skill privileged access to your DingTalk org data (users, calendars, approvals, docs, messages). What to do: verify the publisher and homepage, confirm which behavior you want (scraping vs DingTalk integration), ask the publisher why metadata and description differ, inspect or run the code in an isolated test environment first, and only supply DingTalk credentials with least privilege (a dedicated app with minimal scopes) after you trust the source.


latest: vk9771bv0xjr4vjrh5k7dn3bfwd83esng
