Skill v1.2.2
ClawScan security
Dingtalk File Send · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 25, 2026, 5:01 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's behavior (reading the OpenClaw config, obtaining a DingTalk token, uploading media, and sending a message) matches its stated purpose of sending files via DingTalk; it is internally consistent but reads sensitive local credentials, so verify trust before use.
- Guidance: This skill appears to do what it says: it reads your OpenClaw config (~/.openclaw/openclaw.json) to obtain DingTalk credentials, gets an access token, uploads the file, and sends it. Before installing or running it, verify the skill source (unknown here), inspect the SKILL.md yourself, and confirm the config file only contains accounts you expect. Treat the clientSecret/robotCode as sensitive: only use this skill if you trust it, and consider testing in an isolated account or environment first. Also ensure curl/jq on your system are the real binaries (not replaced by malicious wrappers). If you lose confidence in the skill or its origin, rotate the DingTalk credentials referenced in your OpenClaw config.
Review Dimensions
- Purpose & Capability
  - ok: Name and description describe sending files via DingTalk; the SKILL.md only requires curl/jq and access to the OpenClaw config to obtain DingTalk credentials and tokens, which is coherent with that purpose.
- Instruction Scope
  - note: Instructions explicitly read ~/.openclaw/openclaw.json to extract clientId/clientSecret/robotCode and the optional OPENCLAW_AGENT_ID from the environment, then call DingTalk APIs to upload and send files. All actions stay within the declared task but do involve reading local credentials.
- Install Mechanism
  - ok: Instruction-only skill with no install spec and no code files; it requires only common CLI tools (curl and jq) that the provided shell examples expect.
- Credentials
  - note: Access to clientId/clientSecret/robotCode in the OpenClaw config is necessary to obtain an access token and is proportionate to the task. However, the registry metadata lists no required env vars while the SKILL.md reads OPENCLAW_AGENT_ID (optional) and the local config, which is a minor metadata mismatch; reading the config is also a sensitive operation (reads secrets).
- Persistence & Privilege
  - ok: Skill does not request always:true, does not modify other skills, and does not install persistent components; autonomous invocation is allowed (platform default) but not elevated by the skill itself.
