DingTalk Bot

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate DingTalk integration, but it gives an agent sensitive workplace messaging, group, approval, and attendance powers without enough guardrails.

Install only if the DingTalk robot or internal app is limited to the exact permissions needed. Keep webhook URLs and app secrets out of code and logs, rotate them if exposed, and require explicit human approval before the agent sends messages, changes groups, creates or cancels approvals, or queries attendance and vacation data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill advertises capabilities to query attendance, create approvals, and manage groups, all of which involve sensitive employee and organizational data or state-changing administrative actions, but it provides no warning about privacy, authorization boundaries, or operational risk. In an agent context, this omission increases the chance of overbroad deployment, accidental misuse, or unauthorized handling of HR and collaboration data.

VirusTotal

66/66 vendors flagged this skill as clean.
