dingtalk-send-media

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it sends a chosen local file to a DingTalk user or group using configured DingTalk credentials.

Install only if you trust this skill with DingTalk sending rights. Before each use, verify the exact local file, recipient user or group ID, DingTalk account, and whether the file contains sensitive information, because successful use uploads the file to DingTalk.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (3)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: This skill explicitly enables sending arbitrary local files to DingTalk users or groups, but the README does not provide a prominent warning that local file contents, filenames, and recipient identifiers will be transmitted to an external service. In an agent setting, that omission increases the risk of unintentional data exfiltration, especially when users or the model select local paths or screenshots containing sensitive information.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The workflow says to extract the file path and target ID, execute the script, and then report success, but it does not require an explicit warning or confirmation immediately before transmitting a local file to DingTalk. In a file-transfer skill, this is dangerous because local files may contain sensitive data and sending them to a chat recipient is irreversible once transmitted.

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The script explicitly sources DingTalk credentials from environment variables and then uses them to upload local files and send messages to DingTalk, but normal execution provides no consent check, recipient confirmation, or user-visible disclosure. In an agent setting, this creates a real risk of unintended data exfiltration because arbitrary local files may be transmitted off-host once the skill is invoked.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal