Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
dingtalk-doc-enterprise
v1.0.4 · DingTalk Document Enterprise Edition (multi-user support). Manages documents through the DingTalk enterprise API and automatically obtains the current user's identity from the DingTalk connector. Supports reading, creating, editing, and deleting documents. Designed by Ash.
⭐ 1 · 25 · 0 current · 0 all-time
by Ash@shyzhen
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name, README, SKILL.md and code all describe a DingTalk enterprise document manager and require Node.js and DingTalk API credentials; Node is appropriate and the APIs used match the stated purpose. However, the registry metadata lists no required environment variables even though the runtime expects DINGTALK_CLIENTID and DINGTALK_CLIENTSECRET — this mismatch is inconsistent and requires explanation.
Instruction Scope
SKILL.md and the code instruct the agent to use environment-provided credentials and OpenClaw-injected sender IDs to call DingTalk APIs. The runtime does not attempt to read arbitrary files, nor call unrelated external endpoints; all referenced endpoints are DingTalk APIs and instructions limit behavior to document CRUD operations.
Install Mechanism
No install spec and only an instruction-only/Node script are provided. Nothing is downloaded from arbitrary URLs and the only required binary is Node — this is low risk for installation mechanism.
Credentials
The skill legitimately requires sensitive env vars (DINGTALK_CLIENTID and DINGTALK_CLIENTSECRET) to obtain access tokens. Those variables are declared in SKILL.md and used by the code, but the registry metadata incorrectly lists no required env vars. That omission is the main proportionality problem: the requested secrets are appropriate for the feature, but the metadata omission could lead to misconfiguration or accidental credential exposure if users are not warned.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and is user-invocable with normal autonomous invocation allowed. No excessive persistence or system-wide privileges are requested.
What to consider before installing
This skill's code and documentation look coherent for a DingTalk document-management tool and do require DINGTALK_CLIENTID and DINGTALK_CLIENTSECRET. However, the registry metadata omits those required env vars — treat that as a red flag. Before installing: (1) ask the publisher to correct the registry metadata to declare the required credentials, (2) verify the skill source/author (source is listed as unknown), (3) create a DingTalk app with the minimal permissions needed and use app secrets with least privilege, and (4) avoid pasting real production secrets into shared environments until you confirm the skill's provenance and behavior (test in an isolated account or sandbox). If the publisher cannot explain the metadata mismatch, consider not enabling the skill.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
doc-enterprise.js:18 — Environment variable access combined with network send.
Like a lobster shell, security has layers — review code before you run it.
latest: vk976h6mnq0q06wpc3yypyqa7x184j5ht
Runtime requirements
Bins: node
