Dingtalk Calendar

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed DingTalk scheduling helper, but it can read coworker availability/contact data and modify or delete calendar events after setup.

Install only if you trust the mcporter package and the DingTalk MCP URLs you configure. Use a least-privileged DingTalk account where possible, confirm event IDs before updates or deletes, and query coworker busy status or contact details only when you are authorized to do so.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 88%
Finding:
The changelog states the skill supports contact-directory user search and user-detail lookup, which extends beyond the stated calendar and meeting-management scope in the metadata. This kind of scope drift is security-relevant because directory search enables access to organizational identity data and can facilitate user enumeration or privacy violations if the broader capability is not clearly declared, reviewed, and permission-scoped.

Description-Behavior Mismatch

Severity: Medium
Confidence: 90%
Finding:
The skill metadata describes only calendar management, but the body also requires and documents contact-directory operations. This mismatch can mislead users and reviewers about the skill's actual data access scope, causing them to authorize or use functionality that reaches into employee directory data without informed consent.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The skill documents querying other users' busy/free status but provides no warning about privacy, authorization, or policy constraints. In an enterprise context, availability data can reveal work patterns, meetings, and sensitive organizational information, so exposing this capability without guardrails increases the risk of misuse or unauthorized surveillance.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The skill includes a delete_calendar_event command with no warning that it is destructive, potentially irreversible, or should be confirmed before execution. This raises the risk of accidental or socially engineered deletion of meetings, disrupting schedules and causing loss of operational information.

VirusTotal

64/64 vendors flagged this skill as clean.
