dingtalk-workspace-cli

SUSPICIOUS. The skill’s capabilities generally match its DingTalk automation purpose, but the trust model is weak: it runs unpinned remote installers, installs an external binary, auto-installs additional agent skills, and then uses DingTalk credentials to perform organization actions. With no provided verification that the GitHub org and binary are officially operated by DingTalk, the install and credential-forwarding footprint is higher risk than the description implies.