Environment variable access combined with network send.
Critical
- Code
- suspicious.env_credential_access
- Location
- dist/index.js:90
- Evidence
return Boolean(process.env[value.id]?.trim());
Security audit
Security checks across malware telemetry and agentic risk
This DingTalk integration uses DingTalk credentials and local OpenClaw state in expected, disclosed ways, with no evidence of hidden exfiltration or destructive behavior.
Install only if you intend to connect OpenClaw to a DingTalk enterprise app. Review the DingTalk app permissions, keep clientSecret in a trusted env/file secret source, configure dmPolicy/groupPolicy/allowlists for who can use the bot, and enable feedback learning or docs/proactive capabilities only if those behaviors fit your workspace.
65/65 vendors flagged this plugin as clean.
Detected: suspicious.env_credential_access, suspicious.potential_exfiltration
return Boolean(process.env[value.id]?.trim());
const raw = readFileSync(sessionsPath, "utf-8");