ClawHub

Dingtalk Group Saver

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do its stated job, but it automatically stores DingTalk group metadata in shared long-term memory and has a real file-integrity risk when rewriting MEMORY.md.

Install only if you are comfortable with DingTalk group IDs and names being saved into shared OpenClaw memory across sessions. For business workspaces, consider disabling the MEMORY.md write, backing up MEMORY.md first, adding explicit admin/user consent, and documenting how saved groups can be reviewed and deleted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill does more than its stated purpose of storing DingTalk group IDs and names: it also rewrites a broader shared MEMORY.md file and injects inferred group-purpose metadata. This expands the write scope from a narrow data store to a workspace-wide memory artifact, creating integrity and privacy risks because unrelated agent context can be altered or exposed without explicit user approval.

Intent-Code Divergence

Medium
Confidence
89% confidence
Finding
The replacement logic builds a new section but then truncates the file by assigning `content = content.substring(0, startIndex) + newSection` without appending the remainder of the original document. As a result, content after the rewritten section can be silently destroyed, which is a file integrity vulnerability in a shared workspace memory file.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly states it will automatically persist DingTalk group IDs and names into shared long-term memory files, including MEMORY.md that is readable across sessions. This creates a privacy and data-governance risk because sensitive organizational metadata is retained and broadly exposed without any notice, consent, retention limit, or access scoping.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The code automatically persists DingTalk conversation identifiers and group names to local memory on mention events with no user-facing notice, consent, or control. Group IDs and names can reveal organizational structure or sensitive communication channels, so silent collection and durable storage increases privacy and data-retention risk.

Ssd 3

Medium
Confidence
95% confidence
Finding
The documented behavior stores group identifiers in a globally readable long-term memory file across sessions, making internal communication metadata available to unrelated future contexts and users of the workspace. Even if intended for convenience, cross-session exposure of group IDs and names increases the chance of unauthorized discovery, misuse, or accidental leakage of internal collaboration structure.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal