Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

DingTalk CLI Auto

v1.0.0

Built on DingTalk's official CLI tool dws, this skill implements message sending, calendar management, todo items, contact lookup, and automated robot (webhook) messaging.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill implements wrappers around the DingTalk 'dws' CLI for messages, calendar, todos, contacts and robot webhooks — this is coherent with its name/description. However the registry metadata claims no required env vars or binaries while SKILL.md and the code clearly require the dws CLI and DWS_CLIENT_ID / DWS_CLIENT_SECRET. That metadata mismatch is unexpected.
Instruction Scope
SKILL.md confines runtime actions to installing dws, setting DingTalk app credentials, running dws auth and invoking included node scripts. The scripts call dws (via child_process.execSync) and send webhook requests only when the user supplies a webhook. Instructions do not attempt to read unrelated system files or exfiltrate data in the codebase. The only scope concern: SKILL.md tells users to pipe a remote install script into sh/iex which has broader runtime impact until you inspect it.
Install Mechanism
The package registry lists no install spec but SKILL.md instructs installing the dws CLI by piping a script from a raw GitHub URL (curl | sh or irm | iex). While GitHub raw is a common host, piping and executing remote install scripts is higher risk and should be reviewed before running. The skill itself includes package.json and Node code that require npm install — there is no platform install spec in metadata, which is an inconsistency.
Credentials
The code and documentation require DWS_CLIENT_ID and DWS_CLIENT_SECRET (and optionally DINGTALK_DEFAULT_CHAT / DINGTALK_DEBUG). The registry metadata omitted these required env vars and declared no primary credential. Requesting the DingTalk app key/secret is proportionate to the skill's purpose, but the omission from declared metadata is a packaging/information problem and increases risk because users may not realize which secrets are needed.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and does not require persistent elevated privileges. It runs as a normal skill and calls local dws CLI and axios for webhooks when invoked.
What to consider before installing
This skill appears to be a straightforward wrapper around the DingTalk 'dws' CLI and the included Node modules are readable and not obfuscated. However:
1) The registry metadata is inconsistent — SKILL.md and code require the dws CLI and DWS_CLIENT_ID/DWS_CLIENT_SECRET but the skill metadata lists none. Expect to provide your DingTalk app key/secret.
2) SKILL.md recommends installing dws by piping a remote script from a GitHub raw URL (curl | sh / irm | iex). Do NOT run that without inspecting the install.sh / install.ps1 contents and verifying the repository is trustworthy.
3) Before installing, verify the dws installer URL and the dws project ownership; prefer installing dws from the official vendor page or a trusted package manager if available.
4) Run this skill in an isolated or test environment first (or a container) and review package.json/package-lock for dependencies.
5) If you provide AppKey/AppSecret, ensure they have the minimal necessary permissions and rotate them if you stop using the skill.
If you want, I can: (a) fetch and summarise the referenced install.sh/install.ps1 contents, (b) point out exactly where to set environment variables in OpenClaw config, or (c) highlight every place in the code that uses credentials/execSync for a focused review.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
lib/dws.js:21: Shell command execution detected (child_process).
