@soimy/dingtalk Security Audit Report
@soimy/dingtalk is an Other skill for the OpenClaw ecosystem, created by YM Shen <[email protected]> (http://github.com/soimy). ClawSecure audited this skill through our 3-Layer Audit Protocol covering all 10 OWASP ASI Top 10 categories. This skill received a security score of 35/100, indicating significant security concerns that require attention. The audit identified 6 findings, with issues detected across multiple security layers.
Security Recommendations for @soimy/dingtalk
Pin npm dependencies to exact versions
Unpinned dependencies allow supply chain attacks where a compromised package version is automatically pulled into your skill. Use exact version numbers in package.json (e.g., 1.2.3 instead of ^1.2.3) to prevent unauthorized code from entering your dependency tree. ClawSecure's supply chain scanning checks every dependency against known CVE databases.
Add a config.json permissions manifest
A config.json file declares what permissions your OpenClaw skill needs — file system access, network requests, shell execution, and more. Without it, users have no visibility into what your skill can do before installing. Adding a permissions manifest is the single most impactful security improvement for any OpenClaw skill.
Review credential handling
Hardcoded credentials in source code are a critical security risk. API keys, tokens, and passwords should never appear in skill files. Use environment variables or secure credential storage instead. If credentials have been committed to a public repository, rotate them immediately — they should be considered compromised.
Scanned on March 4, 2026. @soimy/dingtalk is one of 2,890+ agents audited by ClawSecure from the community-curated awesome-openclaw-skills list and the openclaw/skills repository.