dingtalk-connection

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • Persistence Mechanisms (HIGH): The skill provides instructions to install a macOS LaunchAgent using launchctl load ~/Library/LaunchAgents/com.clawdbot.dingtalk-bridge.plist. This allows the bridge service to persist across reboots and run in the background.
  • Data Exposure (MEDIUM): The skill documentation identifies ~/.clawdbot/clawdbot.json as a default configuration path. Accessing hidden configuration files in the home directory is a risk for sensitive data exposure.
  • Indirect Prompt Injection (HIGH): The skill's core function is to ingest untrusted data from DingTalk users and relay it to an AI agent. This creates a significant attack surface for indirect prompt injection where an external user could influence the agent's behavior. Evidence:
      1. Ingestion points: bridge.py webhook endpoint.
      2. Boundary markers: None mentioned in documentation.
      3. Capability inventory: Relays messages to Clawdbot Gateway.
      4. Sanitization: Not documented.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 08:51 AM