DingTalk Channel Install

Security checks across malware telemetry and agentic risk

Overview

The skill is a real DingTalk channel installer, but it enables broad chat access and persists credentials in the OpenClaw config by default.

Before installing, review the generated ~/.openclaw/openclaw.json, restrict allowFrom and chat policies to only the DingTalk users or groups you trust, protect the config file because it contains the Client Secret, consider --skip-restart until you have reviewed the config, and verify the @soimy/dingtalk plugin source/version before production use.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 91% confidence
Finding: The skill instructs the user to run shell commands and a local Python installer that can modify plugin state and write configuration, but it does not declare any corresponding permissions. This creates a transparency and trust problem: a user or platform may underestimate the skill's ability to read/write files and execute commands, increasing the chance of unintended system changes or secret exposure during installation.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal