dingtalk-connection

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [Persistence Mechanism] (HIGH): The file setup_service.py creates a macOS LaunchAgent at ~/Library/LaunchAgents/com.clawdbot.dingtalk-bridge.plist. This configuration ensures the bridge script executes automatically at login and remains running in the background. While functional for a bridge service, it constitutes a persistence mechanism.
  • [Credential Exposure] (HIGH): The setup_service.py script extracts values from the environment, including DINGTALK_SIGNING_SECRET, and writes them in plain text into the EnvironmentVariables block of the generated .plist file. This exposes cryptographic secrets to any local process capable of reading files in the user's LaunchAgents directory.
  • [Indirect Prompt Injection] (LOW): As described in SKILL.md and README.md, the bridge ingests messages from external users via DingTalk webhooks. These messages are forwarded to an AI agent, creating a surface where untrusted user input can influence the agent's downstream behavior.
    • Ingestion points: DingTalk webhook endpoint (/dingtalk).
    • Boundary markers: None visible (implementation of bridge.py is missing from the provided files).
    • Capability inventory: WebSocket connection to local gateway; subprocess execution via uv run in the persistence service.
    • Sanitization: None detected in the configuration files provided.
  • [Missing Source Code] (MEDIUM): The primary logic for the bridge (bridge.py) is referenced in all documentation and scripts but is not included in the skill package. This prevents a full audit of the data handling and sanitization logic.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 05:34 PM