v0.1.3

多平台私信合并助手 (Multi-platform Private Message Merge Assistant)

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 6:17 AM.

Analysis

The skill mostly matches its inbox-merging purpose, but it should be reviewed because it handles private messages and uses DingTalk credentials/tokens through a configurable endpoint that is not declared or tightly bounded.

Guidance: Before installing, review the exact platforms, DingTalk app permissions, message API URL, input files, and output folder. Use least-privilege DingTalk credentials, do not point DINGTALK_MESSAGES_API_URL at untrusted domains, and protect or delete generated reports containing private messages.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Unexpected Code Execution
Severity: Low | Confidence: High | Status: Note
SKILL.md
python3 skills/multi-inbox-merge/scripts/fetch_dingtalk_messages.py ... python3 skills/multi-inbox-merge/scripts/merge_inbox.py

The skill instructs the agent to run local Python scripts. This code execution is disclosed, central to the purpose, and the referenced script sources are included.

User impact: Using the skill involves running local code that reads/writes files and may call the DingTalk API when requested.
Recommendation: Review the included scripts and run them from a controlled working directory containing only the intended input files.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
scripts/fetch_dingtalk_messages.py
ap.add_argument('--client-secret', default=os.getenv('DINGTALK_CLIENT_SECRET', '')) ... ap.add_argument('--messages-url', default=os.getenv('DINGTALK_MESSAGES_API_URL', ''), help='你的消息查询接口 URL(按企业应用能力配置)') ... data_resp = post_json(args.messages_url, payload, headers={'x-acs-dingtalk-access-token': access_token,})

The script consumes a DingTalk app secret, obtains an access token, and sends that token to a configurable messages URL. The artifacts do not restrict that endpoint or clearly bound the message-access scope, and the registry metadata declares no credential/env requirement.

User impact: A user may grant workplace-message access without realizing the token can be sent to whatever message API URL is configured.
Recommendation: Declare the DingTalk credential requirements in metadata, use least-privilege DingTalk app permissions, require user confirmation of the exact messages URL, and restrict it to approved enterprise endpoints.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium | Confidence: High | Status: Note
scripts/merge_inbox.py
write_csv(os.path.join(args.out, 'merged_messages.csv'), dedup, ['source', 'contact_key', 'sender', 'timestamp', 'text', 'thread_id', 'direction'])

The merger writes full message text and contact identifiers into persistent local CSV reports, which is expected for an inbox consolidation tool but sensitive.

User impact: Private communications from multiple platforms may be copied into new local report files and used to prioritize follow-up actions.
Recommendation: Run it only on approved exports, store outputs in a protected folder, and delete or redact generated reports when they are no longer needed.