dingtalk-openclaw

Security checks across malware telemetry and agentic risk

Overview

This is a transparent setup guide for a DingTalk bot that forwards chat messages to a local OpenClaw API and posts replies back, with privacy precautions users should apply.

Install or follow this skill only if you intend to run a DingTalk AI assistant that forwards chat text to OpenClaw. Keep the DingTalk secrets, OpenClaw token, and webhook URL private; restrict the bot to approved conversations; consider redacting or disabling message logs; clean up the processed-ID file when needed; and pin or review Python dependencies for production use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 96%
Finding:
The skill routes DingTalk user messages to the OpenClaw HTTP API and also logs message content locally, but the description does not clearly warn users or operators that conversational content is transmitted and stored. This creates a real privacy and data-handling risk because sensitive business or personal data may be exposed without informed consent or appropriate operational controls.

External Transmission

Medium
Category: Data Exfiltration
Content:
            "model": "openclaw",
            "input": user_msg
        }
        r = requests.post(OPENCLAW_URL, headers=headers, json=data, timeout=60)
        if r.status_code == 200:
            result = r.json()
            output = result.get("output", [])
Confidence: 89%
Finding:
requests.post(OPENCLAW_URL, headers=headers, json=

VirusTotal

66/66 vendors flagged this skill as clean.
