Skill v0.1.0

ClawScan security

DingTalk Integration · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 20, 2026, 8:27 AM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill appears to implement a legitimate DingTalk integration, but there are internal inconsistencies and undeclared dependencies you should review before installing.
Guidance
This skill looks like a real DingTalk integration, but review a few items before installing:
- Confirm the source and code: the repo homepage is provided; inspect the repository (dingtalk.py) yourself to ensure it matches your expectations.
- Resolve the env var mismatch: SKILL.md marks DINGTALK_AGENT_ID as required but the registry (claw.json) marks it optional and the code treats it as optional. Decide whether the agent id is needed and only provide the minimum credentials.
- Ensure 'requests' is available in the runtime environment (the code depends on it but there is no declared dependency or install step).
- Limit App permissions: create a DingTalk app with the least privileges needed (message-sending scopes only) and rotate/separate credentials used for the skill.
- Test safely: run the Python module in a controlled environment to confirm behavior (what endpoints are called, how tokens are handled). Note the skill will perform network calls to oapi.dingtalk.com using your App ID/Secret.
If you require stronger assurance, ask the author to: (1) make DINGTALK_AGENT_ID handling consistent across README/manifest/code, (2) add explicit dependency declarations (requests) or an install spec, and (3) provide a short security note about token handling and necessary app permissions.

Review Dimensions

Purpose & Capability
note
Name, description, and code align with a DingTalk integration: sending messages, creating chats, and obtaining tokens. Requested env vars (app id/secret/agent id) are appropriate for this purpose. However, metadata and documentation disagree on whether DINGTALK_AGENT_ID is required, and the code reads that variable optionally; this mismatch should be resolved.
Instruction Scope
ok
SKILL.md and instructions.md limit actions to DingTalk API calls (send messages, create/list chats, get token). The runtime instructions and code only reference DingTalk endpoints (oapi.dingtalk.com) and environment variables associated with DingTalk. There are no instructions to read unrelated files, contact unexpected endpoints, or exfiltrate arbitrary data.
Install Mechanism
note
There is no install spec (instruction-only), so nothing is fetched or written automatically, which lowers install risk. The package includes a Python module that uses the 'requests' library; however, no dependency declaration or install step is provided, so the runtime may fail if 'requests' is not present.
Credentials
concern
The skill requests DINGTALK_APP_ID and DINGTALK_APP_SECRET (expected). Documentation also marks DINGTALK_AGENT_ID as required in the SKILL.md table, but claw.json marks it optional and the code will work with an empty agent id (it prints a warning). This inconsistency could lead to confusion about which secrets are needed. No unrelated credentials are requested.
Persistence & Privilege
ok
The skill does not request 'always: true', does not modify other skills, and does not require config paths or system-level privileges. It runs network calls to the DingTalk API as expected.