Ding Skills
Warn
Audited by ClawScan on May 18, 2026.
Overview
The listing describes a web-scraping skill, but the included artifacts implement broad DingTalk account automation that needs app secrets and can change messages, approvals, calendars, meetings, and documents.
Do not install this if you are looking for a Crawl4AI web scraper. Only consider it if you intentionally want a DingTalk automation skill, trust the publisher, can review the Python scripts, can restrict DingTalk API scopes, and will require explicit confirmation before sending messages, approving/refusing workflows, deleting events, or overwriting documents.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could install it expecting a scraper but instead enable automation over a corporate DingTalk workspace.
This user-facing description conflicts with the supplied SKILL.md/package/scripts, which implement DingTalk user, message, approval, calendar, meeting, and document operations rather than web scraping.
Description: Web scraping using local Crawl4AI instance. Use for fetching full page content with JavaScript rendering.
Do not treat this as a web-scraping skill; only install if you intentionally want DingTalk automation and have verified the publisher, code, and DingTalk API scopes.
If configured with broadly scoped DingTalk app credentials, the skill can access and act on organization data under delegated app authority.
The scripts obtain a DingTalk access token from app credentials even though the registry requirements say no env vars and no primary credential are required.
app_key = os.environ.get("DINGTALK_APP_KEY")
app_secret = os.environ.get("DINGTALK_APP_SECRET")
...
requests.post(f"{OPEN_API_BASE}/oauth2/accessToken", json={"appKey": app_key, "appSecret": app_secret})
Use a least-privilege DingTalk app, declare and review required credentials, and avoid setting these secrets unless you trust the skill and need these exact operations.
An agent could perform business-impacting DingTalk actions, such as approving or refusing workflows, if invoked with the needed identifiers and credentials.
The code can execute DingTalk approval decisions. Similar package entries expose other mutating actions such as sending messages, deleting events, and overwriting documents, but the artifacts do not show explicit confirmation gates.
api_request("POST", "/workflow/processInstances/tasks/execute", token, json_body=body)
...
"message": "已同意审批" if args["result"] == "agree" else "已拒绝审批"
Require explicit user confirmation for each state-changing operation, show the target user/resource/action before execution, and restrict available API permissions.
It may be harder to verify who maintains the code or what runtime dependencies and updates are expected.
The skill has limited provenance information and no dependency/install declaration, despite shipping many Python scripts. The included code is visible in the artifacts, so this is a provenance note rather than standalone proof of malicious behavior.
Source: unknown
Homepage: none
Install specifications: No install spec — this is an instruction-only skill.
Prefer skills with clear source provenance and declared runtime requirements, especially when they handle organization credentials.
