Back to plugin

Security audit

Openclaw Channel Dingtalk

Security checks across malware telemetry and agentic risk

Overview

This DingTalk integration uses DingTalk credentials and local OpenClaw state in expected, disclosed ways, with no evidence of hidden exfiltration or destructive behavior.

Install only if you intend to connect OpenClaw to a DingTalk enterprise app. Review the DingTalk app permissions, keep clientSecret in a trusted env/file secret source, configure dmPolicy/groupPolicy/allowlists for who can use the bot, and enable feedback learning or docs/proactive capabilities only if those behaviors fit your workspace.

VirusTotal

65/65 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access, suspicious.potential_exfiltration

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
dist/index.js:90
Evidence
return Boolean(process.env[value.id]?.trim());

Sensitive-looking file read is paired with a network send.

Warn
Code
suspicious.potential_exfiltration
Location
dist/index.js:1746
Evidence
const raw = readFileSync(sessionsPath, "utf-8");