Dingtalk Bot Publish
ReviewAudited by ClawScan on May 10, 2026.
Overview
The DingTalk integration is mostly purpose-aligned, but it has inconsistent package provenance, undeclared enterprise credentials, and instructions/background modes that can publish or auto-send messages without clear guardrails.
Review this skill carefully before installing. Verify the package owner/slug/version, remove or ignore the CLAUDE.md publishing instructions, use a least-privilege DingTalk app key/secret, and do not enable Stream auto-replies or persistent memory until you have clear approval, logging, retention, and stop procedures.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may not be able to clearly verify which package, owner, or version they are installing and trusting.
This bundled metadata conflicts with the registry metadata for this evaluation, which lists owner kn73ngf0s02mcqawszh8pgzcmh8140sg, slug dingtalk-bot-publish, and version 1.0.0. The README and package.json also use different names/versions, creating a provenance and package-identity ambiguity.
"ownerId": "kn7757f1xmbttny40nh5znhtfx81msgc", "slug": "dingtalk-api", "version": "1.4.0"
Resolve the package identity before installation: align registry metadata, _meta.json, README links, package.json name/version, and dependency declarations.
If an agent follows this file, it could commit, push, or publish code using the user's local/GitHub/ClawHub authority.
This file instructs an agent to automatically perform git and ClawHub publishing actions. That is a high-impact workflow unrelated to the DingTalk API runtime and is not disclosed in SKILL.md as part of normal use.
用户要求发布代码时,自动执行以下步骤:... git add/commit/push 到 GitHub,然后 `clawhub publish` 发布到 ClawHub
Remove this file from the distributed skill or clearly mark it as non-runtime developer documentation; require explicit user confirmation before any git push or ClawHub publish.
Installing and using the skill can give the agent access to sensitive enterprise DingTalk data and the ability to send messages through a DingTalk app.
The skill requires DingTalk enterprise application credentials to obtain access tokens, while the registry metadata declares no required env vars and no primary credential. Those credentials can support directory lookup, bot messaging, Stream events, and documented approval workflows.
已设置环境变量 `DINGTALK_APP_KEY` 和 `DINGTALK_APP_SECRET`
Use a least-privilege DingTalk app, declare the required credentials in metadata, and limit granted DingTalk permissions to the exact functions users intend to run.
Once enabled, the skill could continue listening to DingTalk events and posting replies beyond a single user request.
The documented Stream mode can keep a long-running connection open and automatically send AI-generated replies into DingTalk. The artifacts do not show clear human approval gates, recipient limits, or operational containment for this autonomous mode.
通过WebSocket长连接接收钉钉事件... AI生成的回复直接通过钉钉API发送
Enable Stream mode only with explicit start/stop procedures, monitoring, clear recipient scopes, and approval rules for outgoing messages.
Private DingTalk conversations may be written to local memory files and reused across later interactions.
The skill explicitly stores per-session conversation history and personalized memory locally. This is disclosed and aligned with a chat bot, but it can contain sensitive enterprise messages.
每个会话保持完整的对话历史和个性化记忆... 会话记忆保存在 `memory/` 目录下
Configure storage location, retention, access permissions, and cleanup policies before enabling persistent memory.