Back to skill
Skillv1.0.2
VirusTotal security
Dingtalk Calendar · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:47 AM
- Hash
- 9c4a6e55d37298745b7315b05a9034e33d03fa4e2080fef84ef619c8951ad445
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: dingtalk-calendar Version: 1.0.2 The skill is classified as suspicious due to its reliance on installing a global CLI tool (`mcporter`) via `npm` or `bun` as instructed in `SKILL.md`. While this is necessary for the skill's stated purpose of managing DingTalk calendar and contacts, installing global packages introduces an external dependency and expands the execution environment, posing a potential supply chain risk if the `mcporter` package itself were compromised. Additionally, the skill involves executing commands with JSON arguments, which could be a vector for injection if the OpenClaw agent or the `mcporter` tool does not properly sanitize user input, although the skill itself does not demonstrate malicious intent or exploitation.
- External report
- View on VirusTotal