DingTalk OA Approval Tool

Pass. Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: dingtalk-approval
Version: 2.3.2

The dingtalk-approval skill bundle is a legitimate integration for managing DingTalk OA approvals. The code in index.js interacts exclusively with official DingTalk API endpoints (api.dingtalk.com and oapi.dingtalk.com) to fetch pending tasks and task details and to execute approval actions. It includes proactive security measures such as the sanitizeConfig and sanitizeAttachment functions, which prevent sensitive credentials or internal resource IDs from being leaked in logs. No evidence of data exfiltration, malicious execution, or prompt injection was found.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A mistaken or overly broad instruction could cause the assistant to approve or reject a real OA request.

Why it was flagged

The skill can perform approval decisions in DingTalk. This is disclosed and core to the purpose, but it changes real business workflow state.

Skill content

Execute approval: when calling `execute_approval_task`, the task_id obtained from `get_pending_tasks` must be passed in ... `action`: `"AGREE"` (approve) or `"REFUSE"` (reject)

Recommendation

Have the assistant show the target task details and get clear user confirmation before every agree/refuse action, especially for reimbursements, contracts, leave, or batch requests.
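The confirmation step recommended above can be enforced in code rather than left to the assistant's judgement. The following is an added example, not part of the dingtalk-approval skill: a gate that refuses to call the executor unless the task_id came from the pending list and the user confirmed that exact task_id and action. The task record fields (task_id, title, process_type, originator, amount), the sample tasks, and the injected executor callback are assumptions for illustration; the skill's real task shape may differ.

```javascript
// Added example, not code from the dingtalk-approval skill. The task record
// shape, the sample data and the executor callback are assumptions.

const ALLOWED_ACTIONS = new Set(["AGREE", "REFUSE"]);

// Process types the recommendation singles out: never approve these from a
// blanket "approve all"; each needs an explicit per-item confirmation.
const HIGH_RISK_TYPES = new Set(["reimbursement", "contract", "leave"]);

// Constructed sample of what get_pending_tasks might return (illustrative only).
const SAMPLE_PENDING = [
  { task_id: "t-1001", title: "Travel reimbursement Q2", process_type: "reimbursement", originator: "Li Wei", amount: 3200 },
  { task_id: "t-1002", title: "Office supplies", process_type: "purchase", originator: "Zhang Min", amount: 150 },
  { task_id: "t-1003", title: "Annual leave, 5 days", process_type: "leave", originator: "Wang Fang" },
];

// Human-readable summary the assistant shows before asking for confirmation.
function summarizeTask(task) {
  const amount = task.amount === undefined ? "n/a" : String(task.amount);
  return `${task.task_id}: "${task.title}" (${task.process_type}) from ${task.originator}, amount ${amount}`;
}

// Decide whether a single agree/refuse action may proceed. The confirmation
// must name exactly this task_id and action; a generic "yes" is not enough.
function gateApproval({ taskId, action, pendingTasks, confirmation }) {
  if (!ALLOWED_ACTIONS.has(action)) {
    return { ok: false, reason: `action must be AGREE or REFUSE, got ${String(action)}` };
  }
  const task = pendingTasks.find((t) => t.task_id === taskId);
  if (!task) {
    return { ok: false, reason: `task_id ${taskId} not present in get_pending_tasks result` };
  }
  const matches = Boolean(confirmation) && confirmation.taskId === taskId && confirmation.action === action;
  if (!matches) {
    return {
      ok: false,
      reason: "no user confirmation for this exact task and action",
      prompt: `Confirm ${action} for ${summarizeTask(task)}? Reply with the task_id to proceed.`,
    };
  }
  return { ok: true, task };
}

// Batch handling: every item is gated on its own, and confirmations expanded
// from a blanket "approve all" (source: "bulk") are rejected for high-risk types.
function gateBatch(requests, pendingTasks, confirmations) {
  return requests.map(({ taskId, action }) => {
    const confirmation = confirmations.find((c) => c.taskId === taskId && c.action === action) || null;
    const result = gateApproval({ taskId, action, pendingTasks, confirmation });
    if (result.ok && HIGH_RISK_TYPES.has(result.task.process_type) && confirmation.source !== "explicit") {
      return { taskId, ok: false, reason: `${result.task.process_type} requires an explicit per-item confirmation` };
    }
    return { taskId, ...result };
  });
}

// Run the gate first; only a passing result reaches the executor (which, in a
// real deployment, would wrap execute_approval_task). Injected so this runs offline.
async function approveWithConfirmation(params, executor) {
  const gate = gateApproval(params);
  if (!gate.ok) return gate;
  const outcome = await executor({ taskId: params.taskId, action: params.action });
  return { ok: true, executed: true, outcome };
}
```

The gate deliberately returns the prompt text it wants shown when confirmation is missing, so the assistant's only path to an approval is to display the task summary and collect a confirmation that echoes the task_id.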

What this means

Anyone who can use the configured agent may be able to act through the configured DingTalk app/user permissions.

Why it was flagged

The skill requires DingTalk application credentials and delegated enterprise permissions. This is expected for the integration, but those credentials are sensitive and can carry broad account authority.

Skill content

Record the following information: AppKey ... AppSecret ... Add the following permissions: OA approval: `process`-related permissions ... Address book: `contact`-related permissions (used to fetch user information)

Recommendation

Use a dedicated least-privilege DingTalk app, avoid shared/admin credentials unless necessary, protect appSecret, and grant contact or holiday permissions only when the deployed workflow truly needs them.

What this means

Approval titles, applicant information, form contents, and vacation balance results may be visible in the chat/session where the skill is used.

Why it was flagged

The visible code sends the app credentials to DingTalk's token endpoint and then queries DingTalk OA APIs with the resulting token. The destination is purpose-aligned and disclosed, but approval data will enter the agent's context. Note also that the oapi call carries the access token as a URL query parameter, so full request URLs must be kept out of logs, proxies, and error messages that retain them.

Skill content

fetch("https://api.dingtalk.com/v1.0/oauth2/accessToken" ... body: JSON.stringify({ appKey: config.appKey, appSecret: config.appSecret })) ... fetch(`https://oapi.dingtalk.com/topapi/process/workrecord/task/query?access_token=${token}`

Recommendation

Use the skill only in trusted workspaces, avoid exposing transcripts containing sensitive HR or business approval data, and keep DingTalk configuration scoped to the intended user.
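The two leak paths visible in the snippet above are the appSecret in the token request body and the access_token in the oapi query string; the overview credits the skill's sanitizeConfig and sanitizeAttachment functions with keeping such values out of logs. The block below is an added example of how a log redactor covering both paths can be written. It is not the skill's own sanitizeConfig or sanitizeAttachment, and the key names, header name and sample values are constructed for illustration.

```javascript
// Added example, not the skill's sanitizeConfig/sanitizeAttachment. Key names,
// the header name and all sample values are constructed for illustration.

// Object keys whose values are always redacted (case-insensitive). The
// x-acs-dingtalk-access-token entry covers the header form used by v1.0 APIs.
const SECRET_KEYS = new Set([
  "appsecret", "accesstoken", "access_token", "authorization", "x-acs-dingtalk-access-token",
]);
// Query parameters whose values are redacted inside URLs.
const SECRET_QUERY_PARAMS = new Set(["access_token"]);
const MASK = "[REDACTED]";

// Redact secret query parameters in a string. Full URLs are parsed so the rest
// of the query survives intact; free text (e.g. an error message that embeds a
// URL) falls back to a pattern replacement of access_token=... fragments.
function redactString(s) {
  try {
    const url = new URL(s);
    for (const name of [...url.searchParams.keys()]) {
      if (SECRET_QUERY_PARAMS.has(name.toLowerCase())) url.searchParams.set(name, MASK);
    }
    return url.toString();
  } catch {
    // Not a standalone URL; fall through to the pattern-based pass.
  }
  return s.replace(/(access_token=)[^&\s"']+/gi, `$1${MASK}`);
}

// Recursively redact secret-named keys and embedded URLs. Returns a new value
// and leaves the input untouched, so the live config is never modified.
function redactForLog(value) {
  if (typeof value === "string") return redactString(value);
  if (Array.isArray(value)) return value.map(redactForLog);
  if (value && typeof value === "object") {
    const out = {};
    for (const [k, v] of Object.entries(value)) {
      out[k] = SECRET_KEYS.has(k.toLowerCase()) ? MASK : redactForLog(v);
    }
    return out;
  }
  return value;
}

// Constructed samples mirroring the two requests in the skill snippet.
// appKey is an identifier rather than a secret and is left readable.
const SAMPLE_CONFIG = { appKey: "dingxxxxxx", appSecret: "s3cr3t-value", agentId: "123456" };
const SAMPLE_REQUEST_URL =
  "https://oapi.dingtalk.com/topapi/process/workrecord/task/query?access_token=abcdef0123456789&offset=0";
const SAMPLE_LOG_LINE =
  "fetch failed for https://oapi.dingtalk.com/topapi/x?access_token=zzz987&size=10 after 3 tries";

// Convenience wrapper for call sites: log the redacted copy, never the original.
function safeLogPayload(payload) {
  return JSON.stringify(redactForLog(payload));
}
```

Used at every log call site, this removes the appSecret from any dumped config object and the access token from any URL, while leaving non-secret parameters such as offset in place for debugging.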