v1.0.2

Dingtalk Calendar

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 6:10 AM.

Analysis

This skill is purpose-aligned for Dingtalk calendar management, but it can change or delete business calendar data and affect coworkers without clear approval boundaries in the artifacts.

Guidance: Install and use this only if you trust mcporter and the official Dingtalk MCP endpoints. Before allowing the agent to run write operations, require it to show the exact event, time, attendees, room, and action, then get explicit approval, especially for deletes, updates, meeting-room bookings, and multi-person invites.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium; Confidence: High; Status: Concern
SKILL.md
All operations are executed via `mcporter call dingtalk-calendar <tool>`; examples include `update_calendar_event`, `delete_calendar_event`, and `add_meeting_room`.

The skill exposes raw MCP/CLI calls that can update, delete, or modify Dingtalk calendar and room bookings, without documented confirmation or scoping requirements for high-impact actions.

User impact: An agent using this skill could change or delete calendar events or book rooms in the user's Dingtalk workspace if it acts on an incorrect or overly broad request.
Recommendation: Require explicit user confirmation before create, update, delete, attendee, or room-booking actions; have the agent summarize event IDs, times, attendees, and rooms before running the command.

Cascading Failures
Severity: Medium; Confidence: High; Status: Concern
SKILL.md
`attendees` ... list of attendee userIds (up to 500 people)

A mistaken calendar action can propagate to many coworkers' schedules, and the artifact does not define bulk-recipient safeguards or preview/approval steps.

User impact: A bad input or misunderstanding could invite many people, change team calendars, or reserve shared rooms incorrectly.
Recommendation: Add bulk-action guardrails: preview recipients, cap attendee counts by default, and require extra confirmation for multi-person invites or shared meeting-room changes.

Agentic Supply Chain Vulnerabilities
Severity: Low; Confidence: High; Status: Note
SKILL.md
This skill depends on the `mcporter` tool. Please run manually in a terminal... `npm install -g mcporter` / `bun install -g mcporter`

The global CLI install is disclosed and central to the skill, but it introduces a package-provenance surface that users should verify before installation.

User impact: Installing a global CLI gives that package local execution capability on the user's machine.
Recommendation: Install mcporter only from a trusted package registry/source, pin or verify the version where possible, and avoid running the install command with elevated privileges unless necessary.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium; Confidence: High; Status: Note
SKILL.md
This skill requires two MCP services to be configured: **Dingtalk Calendar** and **Dingtalk Contacts**; examples include `query_busy_status` and `get_user_info_by_user_ids`.

Dingtalk Calendar and Contacts access is expected for the stated purpose, but it can expose workspace user details and availability under the user's organizational permissions.

User impact: The agent may be able to view coworker availability or contact information and perform calendar actions using the configured Dingtalk access.
Recommendation: Review the Dingtalk MCP permissions, use the least-privileged account or consent scope available, and only allow queries for people and time ranges the user requested.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low; Confidence: High; Status: Note
SKILL.md
Visit the Dingtalk MCP Plaza: https://mcp.dingtalk.com ... `mcporter config add dingtalk-calendar --url "这里粘贴钉钉日历的URL"`

The skill relies on user-configured remote MCP endpoints for Dingtalk calendar and contacts; this is expected, but the endpoint becomes a trust boundary for calendar/contact data.

User impact: Calendar and contact requests will be sent through the configured MCP URLs, so a wrong or untrusted URL could expose sensitive workspace information.
Recommendation: Use only official Dingtalk MCP URLs, verify copied endpoints carefully, and remove or rotate configurations if a URL was pasted from an untrusted source.