ClawHub

DingTalk Sheets

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed DingTalk Sheets integration that can read, write, import, and export spreadsheets, with no evidence of hidden or unrelated behavior.

Install only if you want an agent to operate DingTalk Sheets through mcporter. Treat DINGTALK_MCP_SHEETS_URL as a secret, keep imports/exports inside the intended workspace, and confirm the target sheet, range, and output filename before allowing writes or exports. Note that import_sheet.py currently has a non-security bug: it imports APPEND_ROWS_MODE, which is not defined in mcporter_utils.py.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill invokes external tooling (`mcporter`), depends on an environment variable carrying a credentialed MCP URL, and explicitly documents local file import/export scripts, yet it declares no explicit permissions. This creates a capability/permission mismatch that can hide shell, file read/write, and secret-access behavior from policy enforcement and user review, increasing the chance of unintended local file operations or secret misuse.

Missing User Warnings

Medium
Confidence
75% confidence
Finding
The README instructs users to place a sensitive MCP service URL into local configuration without warning that this value may function as a credential or bearer-style endpoint. In practice, users may commit the config to source control, share screenshots, or leave local files world-readable, which could allow unauthorized use of the connected service.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The trigger description includes broad terms such as spreadsheets, reports, and CSV import/export, which can overlap with ordinary user requests that are not specifically about DingTalk Sheets. Overbroad triggering can cause the wrong skill to activate and perform file or remote data operations in an unintended context, especially because this skill supports writing cells and exporting local files.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill describes exporting DingTalk sheet data to local `.csv`/`.tsv` files in the workspace, but it does not clearly require user-facing notice or confirmation before creating those files. Silent local export can expose sensitive business data into the workspace filesystem, where it may persist longer than expected or be accessed by other tools/processes.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal