dingtalk-workflow-knowledge-base
Warn
Audited by Socket on Apr 14, 2026
1 alert found:
SecuritySecuritySKILL.md
MEDIUMSecurityMEDIUM
SKILL.md
该技能的目标与能力大体一致:抓取链接、生成摘要并存入钉钉知识库。不过它依赖未说明来源的 dws CLI 作为核心执行面,并处理不受信任网页内容且具有写入/群消息能力,因此更适合判定为 SUSPICIOUS 而非 BENIGN;未见明确凭据窃取或恶意外传证据。
Confidence: 80%Severity: 72%
Audit Metadata