Skill v0.0.6

ClawScan security

DingTalk Sheets · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 14, 2026, 6:25 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requirements and instructions align with its stated purpose: it calls the DingTalk MCP via the mcporter CLI and only needs an MCP streamable URL; nothing in the package suggests covert or unrelated access.
Guidance
This skill appears to do exactly what it claims: it calls DingTalk MCP tools through the mcporter CLI and provides local scripts for CSV import/export. Before installing: ensure you trust the mcporter binary and the MCP endpoint (DINGTALK_MCP_SHEETS_URL) because the URL contains an access token; prefer storing the URL in mcporter config rather than exposing it in plaintext environment variables or shared files. Note that the helper scripts respect OPENCLAW_WORKSPACE to limit filesystem access—set that env var if you want to control where imports/exports are allowed. If you need higher assurance, run the included tests (python tests/test_security.py) and inspect/verify the mcporter installation source.

Review Dimensions

Purpose & Capability
ok: Name/description match what the code and SKILL.md do: all actions are spreadsheet operations via mcporter. Required binary (mcporter) and primary env var (DINGTALK_MCP_SHEETS_URL) are appropriate for an MCP-backed DingTalk Sheets integration.
Instruction Scope
note: Runtime instructions are narrowly scoped to calling mcporter tools (create_workspace_sheet, get_range, update_range, etc.) and to local helper scripts for CSV import/export. The scripts explicitly restrict filesystem access to a workspace via resolve_safe_path. Minor note: the code reads OPENCLAW_WORKSPACE to determine allowed local paths, but that env var is not listed in requires.env in SKILL.md; this is a limited scope issue (workspace control) rather than broad data access.
Install Mechanism
ok: No ad-hoc download/install steps. The repo contains Python helper scripts and package.json metadata but no installer that pulls arbitrary code at runtime. Execution relies on the mcporter binary being present (expected for MCP integrations).
Credentials
note: Only one declared credential (DINGTALK_MCP_SHEETS_URL) is required and is appropriate because it contains the MCP access token. Small inconsistency: helper code uses OPENCLAW_WORKSPACE to constrain file access but that env var isn't listed in requires.env; OPENCLAW_WORKSPACE is optional and used only to limit local filesystem actions.
Persistence & Privilege
ok: Skill is not always-enabled (always: false) and does not request system-wide configuration changes. It relies on mcporter for credential storage/usage and does not require elevated or persistent platform privileges beyond normal skill invocation.