Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Dingtalk Api

v0.0.1

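Calls the DingTalk Open Platform API, supporting core functions such as user search/details/lookup, department management (search/details/sub-departments/user list/parent departments), robot one-to-one message sending, group chat message sending, listing robots in a group, Stream-mode event push, and multi-session isolation management. Use when needing to search DingTalk users or departmen...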

2 stars · 15.8k downloads · 3 current · 4 all-time
by Zao_hon @zaohon
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name, README and SKILL.md describe a DingTalk API integration and the included scripts implement that functionality (user/department management, messaging, Stream mode). However the registry metadata claims no required environment variables or primary credential while SKILL.md and many scripts explicitly require DINGTALK_APP_KEY and DINGTALK_APP_SECRET. Other metadata mismatches exist: package.json name/version differ from _meta.json and the registry listing (slug/ownerId/version). Those discrepancies indicate the published metadata does not accurately describe the package.
Instruction Scope
SKILL.md and the scripts are explicit about what to run (ts-node scripts/*.ts, Python virtualenv and pip install dingtalk-stream, start/stop scripts). The runtime instructions only reference expected resources (env vars, memory directory, network access to oapi.dingtalk.com, and a public HTTPS endpoint for Stream). They do not demand unrelated system files. However a prompt-injection detection (unicode-control-chars) was raised in SKILL.md which could indicate attempts to manipulate automated evaluators or an encoding anomaly—this should be inspected.
Install Mechanism
The package declares 'No install spec' (instruction-only) in the registry metadata but actually contains hundreds of source files and a full Python virtualenv (venv/) with many vendored packages. Bundling a prebuilt venv and numerous third‑party packages inflates attack surface and is unusual/unnecessary for an instruction-only skill. The repo also contains packaging/publish helper scripts that assume local filesystem operations. There are no remote download URLs in the provided manifest, but the presence of vendored binaries and site-packages is disproportionate and should be inspected or removed.
Credentials
The runtime code consistently requires DINGTALK_APP_KEY and DINGTALK_APP_SECRET (appropriate and proportional for calling DingTalk APIs). The problem is the registry-level 'Required env vars: none' contradicts the actual needs; that mismatch is concerning because an installer or automation might not prompt the user for these secrets. Apart from the expected DingTalk credentials, the code does not appear to require unrelated secrets.
Persistence & Privilege
always:false (good). The skill contains code that can send messages via DingTalk robots and run a long-lived Stream bridge (WebSocket/HTTP server). If the agent platform allows autonomous invocation, this capability increases blast radius (the skill could be used to send messages or perform operations in your DingTalk org). That by itself is expected for a messaging integration, but because of the metadata and packaging inconsistencies you should be cautious about granting autonomous invocation without explicit trust controls.
Scan Findings in Context
[unicode-control-chars] unexpected: The prompt-injection detector found unicode control characters in SKILL.md. This is not expected for a normal documentation file and may be an attempt to influence automated evaluators or could be an encoding artifact; review SKILL.md for hidden characters.
What to consider before installing
What to check before installing or running this skill:
1) Metadata mismatches: The registry listing claims no required env vars, but SKILL.md and scripts require DINGTALK_APP_KEY and DINGTALK_APP_SECRET. Owner/slug/version values also differ between files. Ask the publisher to explain and correct these mismatches. Do not rely solely on the registry metadata.
2) Inspect the package contents locally: this bundle includes a full Python virtualenv (venv/) and many vendored packages. Large vendored artifacts increase risk—consider obtaining a clean source-only release (no venv) or rebuilding dependencies from official registries yourself.
3) SKILL.md prompt-injection signal: open SKILL.md in a hex-aware editor and search for non-printable/unicode-control characters. Remove or ask the author about any suspicious hidden characters.
4) Least privilege for credentials: Only provide the DingTalk AppKey/AppSecret to a package you trust. Prefer creating a dedicated enterprise internal application with minimal permissions and rotate credentials after testing. Never paste long-lived enterprise credentials into remote UIs or public places.
5) Sandbox test: Run the scripts in an isolated environment (VM/container) and with a test DingTalk application (not production org). Verify network endpoints contacted are only DingTalk's oapi.dingtalk.com or other documented endpoints.
6) Limit autonomous actions: If possible, disable automatic skill invocation until you have validated behavior. Because the skill can send robot messages and run a Stream bridge, unrestricted autonomous access could cause unwanted messages or actions in your org.
7) Source provenance: The package references 'clawhub' publishing scripts and a GitHub clone URL in README; prefer to install from an official, trusted repository (e.g., the publisher's verified GitHub or a vetted registry) and confirm the publisher identity matches the registry owner.
If you cannot validate the provenance and clean up the bundled environment (remove venv, fix metadata, remove hidden characters), treat this package as untrusted and do not provide real production credentials.
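
The hidden-character check from item 3, as an added example (not part of the scan report or the skill's own code): a Python scan that reports every invisible control or format character with its line, column and code point. SAMPLE is constructed test input; pass the path to SKILL.md as the first argument to scan the real file.

```python
import sys
import unicodedata

# Whitespace controls that are normal in a Markdown file.
ALLOWED = {"\n", "\r", "\t"}
# Cc: C0/C1 controls; Cf: zero-width, bidi overrides, tag characters, BOM;
# Zl/Zp: Unicode line and paragraph separators.
SUSPECT_CATEGORIES = {"Cc", "Cf", "Zl", "Zp"}


def find_hidden_chars(text):
    """Return (line, column, 'U+XXXX', name) for each invisible character."""
    findings = []
    # split("\n") rather than splitlines(): splitlines() would also break on
    # U+2028/U+2029 and shift the reported line numbers.
    for lineno, line in enumerate(text.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            if ch in ALLOWED:
                continue
            if unicodedata.category(ch) in SUSPECT_CATEGORIES:
                name = unicodedata.name(ch, "<unnamed control>")
                findings.append((lineno, col, f"U+{ord(ch):04X}", name))
    return findings


def scan_file(path):
    """Scan a file as UTF-8. A leading BOM is reported as U+FEFF at 1:1."""
    with open(path, "rb") as fh:
        raw = fh.read()
    # errors="replace" keeps scanning past invalid bytes instead of aborting.
    return find_hidden_chars(raw.decode("utf-8", errors="replace"))


# Constructed sample: a zero-width space, a right-to-left override and a
# Unicode tag character hidden in otherwise ordinary documentation text.
SAMPLE = (
    "# DingTalk API Skill\n"
    "Use when needing to search\u200b users\u202e\n"
    "plain line\t ok\r\n"
    "\U000E0041"
)

if __name__ == "__main__":
    hits = scan_file(sys.argv[1]) if len(sys.argv) > 1 else find_hidden_chars(SAMPLE)
    for lineno, col, codepoint, name in hits:
        print(f"line {lineno}, col {col}: {codepoint} {name}")
    sys.exit(1 if hits else 0)
```

The non-zero exit status on any finding lets the scan gate a review or CI step before the skill is installed.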

Like a lobster shell, security has layers — review code before you run it.

latest vk976j33b3veztyw3jkyv5v3ypn81x3kj
15.8k downloads
2 stars
1 versions
Updated 7h ago
v0.0.1
MIT-0

DingTalk API Skill

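A skill for calling the DingTalk Open Platform API. It provides full DingTalk enterprise integration, including traditional API calls and Stream-mode event push.

Core feature modules

User and organization management

  • User search, detail lookup, lookup by mobile number/unionid
  • Department management (search, details, sub-departments, user list, parent departments)
  • Employee statistics, organization structure mapping
  • Resignation record lookup, list of users who have not logged in

Messages and robots

  • Robot one-to-one message sending
  • Robot group chat message sending
  • Listing robots in a group
  • Message content formatting and sending

Stream-mode event push (recommended)

  • Real-time message receiving: receives DingTalk events over a long-lived WebSocket connection
  • Multi-session isolation: creates an independent AI session for each user/group chat member
  • Context retention: each session keeps its full conversation history and personalized memory
  • Automatic reply routing: AI-generated replies are sent directly through the DingTalk API, avoiding multi-channel conflicts

OA approval management

  • Approval instance queries and detail retrieval
  • Starting, terminating, executing and transferring approval tasks
  • Approval comment management, pending-task count statistics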

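API version support

Traditional server-side API (compatible)

  • User management: user lookup, department management
  • Message sending: robot messages
  • Characteristics: stable and reliable, widely used, backward compatible

Stream-mode API (recommended)

  • Event push: receives DingTalk messages and events in real time
  • Long-lived connection: persistent WebSocket-based connection
  • High concurrency: supports many users in conversation at the same time
  • Low latency: message processing latency at the millisecond level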

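Permissions

Enterprise internal applications

  • All features supported: user management, messages, Stream mode, OA approval
  • Permission configuration: request the corresponding permissions in the DingTalk developer console
  • Authentication: obtain an access_token using AppKey/AppSecret
  • Stream configuration: event subscription and callback URL must be configured in the developer console

Third-party enterprise applications

  • Partial feature support: user management, messages
  • Authentication: OAuth 2.0 authorization flow
  • Stream mode: not supported

Third-party personal applications

  • Limited functionality: only basic user lookup is supported
  • Not supported: message sending, Stream mode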

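Prerequisites

Traditional API mode

  • Environment variables DINGTALK_APP_KEY and DINGTALK_APP_SECRET are set
  • The DingTalk application has been created and has the corresponding API permissions
  • For enterprise internal applications, make sure the required permissions have been granted in the DingTalk admin console

Stream mode (recommended)

  • Enterprise internal application (required)
  • Publicly reachable HTTPS server (for event callbacks)
  • Stream-mode event subscription configured in the DingTalk developer console
  • Python 3.8+ environment (to run the Stream Bridge)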

Environment variable configuration

# Required for both the traditional API and Stream mode
export DINGTALK_APP_KEY="<your-app-key>"
export DINGTALK_APP_SECRET="<your-app-secret>"

# Additional Stream-mode configuration (optional)
export DINGTALK_STREAM_LOG_LEVEL="INFO"
export DINGTALK_SESSION_MEMORY_DIR="./memory"

Usage examples

1. Traditional API calls

Look up user details

npx ts-node scripts/get-user.ts "<userId>" [--debug]

Send a one-to-one message

npx ts-node scripts/send-user-message.ts "<userId>" "<robotCode>" "<消息内容>" [--debug]

Get the list of users in a department

npx ts-node scripts/list-department-users.ts "<deptId>" [--debug]

Search for users

npx ts-node scripts/search-user.ts "<keyword>" [--debug]

2. Stream-mode deployment (recommended)

Start the Stream Bridge

# Create a virtual environment
python3 -m venv dingtalk_venv
source dingtalk_venv/bin/activate
pip install dingtalk-stream

# Start the Stream service
./start_dingtalk_stream.sh

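Session management features

  • Private chat session: dingtalk_private_{user_id} - an independent session per user
  • Group chat session: dingtalk_group_{group_id}_{user_id} - an independent session per user within a group chat
  • Memory persistence: session memory is saved under the memory/ directory
  • Automatic cleanup: sessions with no activity for 24 hours are cleaned up automatically

Error handling

All scripts return a uniform format on error: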

{
  "success": false,
  "error": {
    "code": "ERROR_CODE",
    "message": "错误描述"
  }
}

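Common error codes:

  • MISSING_CREDENTIALS - environment variables not set
  • INVALID_ARGUMENTS - insufficient arguments
  • AUTH_FAILED - failed to obtain access_token
  • PERMISSION_DENIED - insufficient permissions
  • UNKNOWN_ERROR - API call exception
  • STREAM_CONNECTION_FAILED - Stream connection failed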

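Best practices

  1. Least privilege: request only the API permissions you need
  2. Error handling: always check the errcode in the API response
  3. Debug mode: use the --debug flag to see detailed requests/responses
  4. Batch operations: for large amounts of data, use the batch API endpoints
  5. Prefer Stream mode: for real-time interaction, prefer Stream mode
  6. Session isolation: make sure the conversation contexts of different users are fully isolated
  7. Rate control: respect DingTalk's API rate limits

Security notes

  • Do not hard-code AppKey/AppSecret in code
  • Use environment variables or secure configuration management
  • Sensitive operations (such as delete or modify) require a second confirmation
  • Follow DingTalk's security best-practice guidelines
  • Stream-mode security: make sure the callback URL uses HTTPS and verify event signatures
  • Data isolation: session data of different users is fully isolated, meeting enterprise security requirements

Architecture advantages

Multi-session isolation architecture

  • User identification: accurately identifies different users in private and group chats
  • Context retention: each session keeps its full conversation history
  • Personalized memory: supports persistence of user preferences and history
  • Resource management: expired sessions are cleaned up automatically to avoid resource leaks

Reply routing optimization

  • Channel isolation: DingTalk replies go only through the DingTalk API, so other channels are not triggered
  • Performance: asynchronous processing, supports high concurrency
  • Reliability: a result-file mechanism ensures messages are not lost
  • Error recovery: automatic retry on network errors to ensure message delivery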

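Project structure

dingtalk-api/
├── scripts/                    # Traditional API scripts
│   ├── *.ts                   # API call scripts
├── stream/                    # Stream-mode files
│   ├── dingtalk_stream_bridge.py    # Stream Bridge main program
│   ├── dingtalk_session_manager.py  # Session manager
│   ├── dingtalk_reply_tool.py       # DingTalk reply tool
│   └── *.sh                   # Start/stop scripts
├── memory/                    # Session memory files (generated at runtime)
├── types/                     # TypeScript type definitions
├── SKILL.md                   # Skill documentation
├── README.md                  # Detailed usage instructions
└── package.json               # Dependency configuration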
