Skill v2.3.1

ClawScan security

Ding Skills · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Mar 23, 2026, 6:52 AM
Verdict: Review
Confidence: high
Model: gpt-5-mini
Summary
The registry metadata/description claims a web-scraping skill, but the included SKILL.md and code implement a full DingTalk (钉钉) API client requiring app credentials — the pieces are inconsistent and the registry omits required environment variables.
Guidance
Do not install or provide credentials until the publisher/source is verified. Key concerns: (1) The skill's registry description claims a web-scraper, but the package actually contains a full DingTalk API client — this mismatch could be accidental or malicious. (2) The SKILL.md requires DINGTALK_APP_KEY and DINGTALK_APP_SECRET (and optionally DINGTALK_ROBOT_CODE); the registry metadata omitted these — supplying them gives the skill privileged access to your DingTalk org data (users, calendars, approvals, docs, messages). What to do: verify the publisher and homepage, confirm which behavior you want (scraping vs DingTalk integration), ask the publisher why metadata and description differ, inspect or run the code in an isolated test environment first, and only supply DingTalk credentials with least privilege (a dedicated app with minimal scopes) after you trust the source.
Findings
[no_findings] unexpected: Static pre-scan reported no findings. That does not negate the larger incoherence: registry metadata/description claim a different purpose (web scraping) while the SKILL.md and code implement DingTalk API functionality and require app credentials.

Review Dimensions

Purpose & Capability
concern: The top-level description/registry metadata describes a web-scraping/Crawl4AI skill, but the SKILL.md and the 45 included Python scripts implement DingTalk (钉钉) operations (user/department management, messages, approvals, calendar, docs). This is a major mismatch: the claimed purpose (scraping) does not match the actual capability (DingTalk API client).
Instruction Scope
ok: The SKILL.md gives concrete workflows and commands that map to the bundled scripts (e.g., search_user.py → get_user.py → create_schedule_conference.py). The runtime instructions require DINGTALK_APP_KEY, DINGTALK_APP_SECRET and optionally DINGTALK_ROBOT_CODE, and the scripts call only DingTalk API endpoints. There is no instruction to read unrelated system files or exfiltrate data to unknown endpoints.
Install Mechanism
note: There is no install spec (instruction-only), but many code files are included in the bundle. This is not inherently malicious, but surprising: an instruction-only skill normally has little or no code. The code is plain Python and uses requests; no external download URLs or extract steps are present.
Credentials
concern: The SKILL.md clearly requires DINGTALK_APP_KEY and DINGTALK_APP_SECRET (and optionally DINGTALK_ROBOT_CODE) to function. However, the registry metadata shown above lists no required environment variables or primary credential. This inconsistency could mislead users about what secrets they must provide. The requested credentials (DingTalk app key/secret) are proportional to the actual DingTalk functionality, but they are absent from the declared requirements.
Persistence & Privilege
ok: The skill is not marked always:true and does not request elevated system-wide privileges. It will perform network calls to api.dingtalk.com/oapi.dingtalk.com when invoked, which is expected for a DingTalk integration.