dingtalk-calendar
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements secure local credential management by storing application keys and tokens in the user's home directory (
~/.dingtalk-skills/config) and includes explicit logic to mask sensitive values in logs and configuration displays. - [SAFE]: All automated network operations within the
scripts/dt_helper.shutility are restricted to official and well-known DingTalk domains (api.dingtalk.comandoapi.dingtalk.com) for the purposes of authentication and API interaction. - [SAFE]: The helper script is written in transparent, well-documented shell code with no evidence of obfuscation, malicious persistence mechanisms, or unauthorized data exfiltration.
- [SAFE]: The skill does not download or execute remote scripts from untrusted sources. It relies exclusively on standard system binaries and the provided local scripts to facilitate its operations.
Audit Metadata