Keplerjai Dingtalk Attendance

Security checks across malware telemetry and agentic risk

Overview

This skill appears intended to export DingTalk attendance reports, but it needs review because it handles sensitive employee data and can install a Python package during normal use.

Install only if you administer the DingTalk app and are authorized to export employee attendance data. Install npm and Python dependencies in a controlled environment before running, remove or avoid the automatic pip-install fallback, keep .env/config.json out of version control, restrict access to the output directories, define retention/deletion rules, and enable cron only with clear approval and monitoring.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Behavioral ASTexec() Call, eval() Call, Dynamic Import
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (13)

os.system() or os exec-family call

High

Category: Dangerous Code Execution
Content: from openpyxl import load_workbook except ImportError: print("正在安装必要依赖 openpyxl...") os.system('pip install openpyxl -q') from openpyxl import load_workbook
Confidence: 97% confidence
Finding: os.system('pip install openpyxl -q')

Context-Inappropriate Capability

Medium

Confidence: 94% confidence
Finding: Installing dependencies on the fly is not necessary for the exporter’s core purpose and introduces an unnecessary code-execution and supply-chain risk. A package install may download untrusted content, run build/install hooks, and alter system state without the operator deliberately approving that action.

Context-Inappropriate Capability

Medium

Confidence: 82% confidence
Finding: The script builds a shell command string and invokes a local Python subprocess to generate Excel output. While this appears intended for convenience rather than abuse, spawning an external interpreter increases attack surface, creates a dependency on local environment state, and can become dangerous if the script path or argument handling is ever influenced by untrusted input.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The document explicitly instructs users to run commands that generate and persist employee attendance data locally as JSON and Excel files, but it does not provide a clear pre-execution warning about sensitive personal data being written to disk and retained. In the context of attendance records, these files can contain employee identities, schedules, locations, leave status, and exception data, increasing privacy, compliance, and unauthorized-access risk if users run the skill on insecure systems or shared environments.

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The README explicitly states that detailed attendance data and Excel reports are automatically generated, including sensitive employee information such as names, user IDs, leave records, exception statistics, and check-in locations. In an HR/attendance context this is personal data, and the absence of any privacy warning, retention guidance, access control recommendations, or masking guidance increases the risk of over-collection, insecure local storage, and accidental disclosure.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The setup guide instructs users to place sensitive DingTalk credentials in a local .env file but does not warn them to keep the file out of version control, restrict file permissions, or avoid sharing it. For an attendance integration, these secrets can enable unauthorized API access to employee attendance data, making accidental leakage a meaningful confidentiality risk.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill processes employee attendance records and may save them locally or push them to external channels, but it does not clearly define the sensitivity, retention, recipients, or leakage risks of this personal data. Attendance data is employee monitoring data and often includes timestamps, identities, and exception records, so vague handling guidance can lead to privacy violations, over-collection, or disclosure to unauthorized parties.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The document explicitly states that employee data, including names and user IDs, is exported to local JSON files, but it provides no warning about handling personal data, retention, access control, or encryption. In the context of an attendance integration, normalizing local storage of personnel data can lead to unnecessary data exposure if the workstation, repository, backups, or shared directories are compromised.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The instructions tell the operator to enable attendance-management permissions for records, groups, and reports without explaining that these scopes grant access to sensitive employee behavioral and HR-adjacent data. In a skill specifically designed to pull attendance data, omission of a privacy warning increases the risk that users grant broad permissions without understanding the resulting exposure or governance obligations.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The guide explicitly documents exporting detailed attendance records, including names, employee IDs, punch times, leave records, exceptions, and locations, to local JSON and Excel files without any warning about personal data handling, retention, or access control. Because attendance data is sensitive employee information, normalizing unmanaged local export increases the risk of unauthorized disclosure, over-collection, and insecure downstream sharing.

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The scheduled task examples encourage automatic daily and weekly collection of employee attendance data and local file generation, but do not warn users that this creates ongoing background processing and repeated accumulation of sensitive records. In this context, automation increases exposure because data may be collected, stored, and forgotten without review, expanding the chance of privacy violations or unauthorized access over time.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The script launches a shell command without prior confirmation, so a user expecting file export behavior may unknowingly trigger network access and local environment changes. This is especially risky in enterprise or restricted environments where unattended subprocess execution is prohibited or could be abused through package-index or environment compromise.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill exports employee attendance data to local JSON and Excel files, which may contain sensitive personal and workplace activity information. Storing this data on disk without explicit warning, retention controls, or access protections can expose it to other local users, backups, sync tools, or accidental sharing.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal