Dingtalk Connector Guide

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent colleague-profile builder, but it asks for broad access to workplace messages, documents, contacts, browser sessions, and secrets without enough privacy and scoping safeguards.

Install only if you are authorized to collect the relevant workplace data. Use a dedicated least-privilege Feishu/DingTalk app, avoid pasting secrets into chat, store tokens in a secure local secrets manager, get consent from affected people where required, limit collection size and scope, and delete generated knowledge files when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium, 93% confidence

Finding
The guide instructs users to enable broad enterprise message-reading and member-information permissions, but provides no justification for least-privilege scoping, privacy notice, or warning about the sensitivity of employee communications and directory data. In a corporate chat integration context, this can lead to unnecessary collection of internal messages and personnel information, increasing privacy, compliance, and insider-risk exposure if the bot or its host is misconfigured or compromised.

Missing User Warnings

Medium, 95% confidence

Finding
The guide tells users to record and enter AppSecret credentials directly, but gives no warning that these are highly sensitive secrets that must not be hardcoded, logged, shared in screenshots, or stored insecurely. If exposed, an attacker could impersonate the integration, access enterprise APIs within granted scopes, or disrupt bot operations.

VirusTotal

40/40 vendors flagged this skill as clean.
