DingTalk Group Chat Management

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed DingTalk group-creation helper that uses DingTalk app credentials for the expected purpose, with some documentation and debug-logging cautions.

Install only if you intend to let an agent create DingTalk internal groups. Use a least-privilege DingTalk app, keep the app secret out of shared terminals and logs, avoid `--debug` in CI or shared environments, and manually confirm owner/member IDs before running group-management commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill requires access to sensitive environment variables (`DINGTALK_APP_KEY`, `DINGTALK_APP_SECRET`) but does not declare permissions or otherwise make that capability explicit. This can lead to over-trust and unsafe execution in agent environments where permission transparency is important, especially because these credentials enable authenticated operations against enterprise group-management APIs.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The documentation advertises destructive group-management capabilities such as member management and disbanding groups, but it does not clearly warn users that these actions can disrupt business communications or be irreversible in practice. In an agentic setting, lack of explicit safety warnings increases the risk of accidental or insufficiently reviewed destructive actions against real enterprise chat groups.

Missing User Warnings

Low
Confidence
80% confidence
Finding
The skill instructs users to export application credentials as environment variables but does not warn that these values are secrets that must not be logged, committed, or exposed in shell history and debug output. Because the same document also mentions a `--debug` mode, insufficient secret-handling guidance can increase the chance of credential leakage during setup or troubleshooting.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
When `--debug` is enabled, the script prints the full request body, including the group owner and member user IDs, to stderr. This creates unnecessary exposure of internal identifiers in terminal history, CI logs, or centralized logging systems, which can aid user enumeration or leak organizational metadata.

VirusTotal

58/58 vendors flagged this skill as clean.
