DingTalk Todo CLI

Security checks across malware telemetry and agentic risk

Overview

The skill is a mostly coherent DingTalk workflow helper, but it gives an agent broad live workplace authority with weak boundaries around raw API calls, escalation messages, and cross-platform disclosure.

Install only if you are comfortable letting an agent operate live DingTalk workflows. Require explicit approval before DING messages, escalations, deletes, bulk sheet updates, raw API calls, approval/drive/bot actions, or Feishu/WeCom sharing, and do not run the Level 3 escalation example as written.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Severity: Medium
Confidence: 90%
Finding
The skill is presented as a narrowly scoped DingTalk todo-management helper, but it also documents unrestricted `dws api call` usage for arbitrary OpenAPI endpoints. That broadens the agent's effective authority beyond the advertised scope and can enable unintended access or mutation of other DingTalk resources if an attacker or careless user steers the agent into raw API calls.

Intent-Code Divergence

Severity: High
Confidence: 98%
Finding
The overdue-escalation workflow example auto-sends Level 3 director notifications, while the skill's safety section says Level 3+ escalations require user confirmation. The contradiction is dangerous because agents tend to follow executable-looking workflow examples over policy text, so the example path wins and produces unauthorized high-sensitivity notifications, privacy disclosure, and workplace harm.
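One way to close the gap between this finding and the approval requirement in the overview is to put a gate between the agent and the CLI so that a tool call must pass a human approver before it runs. The code below is an added example written for this page, not code from the skill or the DingTalk CLI. The page names only `dws api call`; every other subcommand (`todo ding`, `todo escalate`, `sheet bulk-update`, `approval`, `drive`, `bot`), the `--level` and `--to` flags, and the sample workflow are assumed names used for illustration. The gate is stricter than the skill's own policy: it requires approval for every escalation, DING message, delete, bulk sheet update, raw API call, approval/drive/bot action and Feishu/WeCom share, and separately records when the skill's own Level 3 confirmation threshold is also hit.

```python
import shlex
from dataclasses import dataclass
from typing import Callable, Iterable, List, Tuple

# Approval gate for commands an agent wants to run against the DingTalk CLI.
# The page names only `dws api call`; every other subcommand, flag and level
# value below is an assumed name for illustration, not a documented interface.
RAW_API = ("api", "call")
SENSITIVE_GROUPS = {"approval", "drive", "bot"}          # assumed group names
SENSITIVE_VERBS = {"ding", "send", "delete", "bulk-update", "share", "escalate"}
EXTERNAL_TARGETS = {"feishu", "wecom"}                    # off-platform sharing
ESCALATION_CONFIRM_LEVEL = 3   # the skill's stated policy: Level 3+ needs confirmation


@dataclass(frozen=True)
class Decision:
    needs_approval: bool
    reason: str


def _flag_value(args: List[str], flag: str):
    """Return the value of `flag` given as `--flag value` or `--flag=value`."""
    for i, tok in enumerate(args):
        if tok == flag and i + 1 < len(args):
            return args[i + 1]
        if tok.startswith(flag + "="):
            return tok.split("=", 1)[1]
    return None


def classify(command: str) -> Decision:
    """Decide whether a command may run unattended or needs a human's approval."""
    argv = shlex.split(command)
    if not argv or argv[0] != "dws":
        return Decision(True, "not a dws command; refuse by default")
    args = argv[1:]
    if tuple(args[:2]) == RAW_API:
        return Decision(True, "raw OpenAPI call is outside the advertised todo scope")
    group = args[0] if args else ""
    verb = args[1] if len(args) > 1 else ""
    if group in SENSITIVE_GROUPS:
        return Decision(True, f"'{group}' actions are outside todo management")
    if verb == "escalate":
        raw = _flag_value(args, "--level")
        level = int(raw) if raw and raw.isdigit() else 1
        if level >= ESCALATION_CONFIRM_LEVEL:
            return Decision(True, f"level {level} escalation requires user confirmation")
    if verb == "share":
        target = (_flag_value(args, "--to") or "").lower()
        if target in EXTERNAL_TARGETS:
            return Decision(True, f"sharing to {target} discloses data off-platform")
    if verb in SENSITIVE_VERBS:
        return Decision(True, f"'{verb}' notifies, mutates or discloses; approval required")
    return Decision(False, "read-only or low-risk todo action")


Approver = Callable[[str, str], bool]


def run_workflow(commands: Iterable[str], approver: Approver,
                 executor: Callable[[str], None] = lambda cmd: None) -> List[Tuple[str, str, str]]:
    """Run each command only if the gate allows it or the approver says yes."""
    log = []
    for cmd in commands:
        d = classify(cmd)
        if d.needs_approval and not approver(cmd, d.reason):
            log.append((cmd, "blocked", d.reason))
            continue
        executor(cmd)
        log.append((cmd, "ran", d.reason))
    return log


# Constructed stand-in for the overdue-escalation workflow described in the
# finding (assumed subcommands and an invented endpoint path); nothing here
# contacts DingTalk.
CONSTRUCTED_WORKFLOW = [
    "dws todo list --overdue",
    "dws todo ding --id 42 --message 'overdue reminder'",
    "dws todo escalate --id 42 --level 3 --to director",
    "dws sheet bulk-update --file tracking.csv",
    "dws api call POST /v1.0/some/endpoint",
]


def deny_without_human(cmd: str, reason: str) -> bool:
    """Default approver: with no human in the loop, nothing sensitive runs."""
    return False


def demo() -> List[Tuple[str, str, str]]:
    return run_workflow(CONSTRUCTED_WORKFLOW, deny_without_human)


if __name__ == "__main__":
    for cmd, status, reason in demo():
        print(f"{status:8} {cmd}  ({reason})")
```

With the deny-by-default approver, only the read-only `todo list` step runs; the DING, Level 3 escalation, bulk sheet update and raw API call are all blocked with the reason logged, which is the behaviour the skill's safety section promises but its workflow example does not deliver. Plug in an interactive approver to let a human authorize individual steps.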

Missing User Warnings

Severity: Medium
Confidence: 85%
Finding
The workflow examples create tasks, send DING notifications, and write tracking data to sheets using assignee identities, deadlines, and status without warning about disclosure or obtaining approval from affected users. In a workplace messaging/task platform, these actions can expose performance, assignment, or overdue-status information to managers and others, creating privacy and confidentiality risks.

VirusTotal

64/64 vendors flagged this skill as clean. A clean antivirus verdict covers only the skill's files as malware signatures; it says nothing about the agentic-risk findings above, which concern what an agent will do when it follows the skill's instructions.
