dingtalk-docs
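v0.3.4 Manages documents, folders, and content in DingTalk cloud docs. Use it when the user wants to create documents, search documents, read or write document content, or create folders to organize documents. It also applies when the user mentions keywords such as cloud docs, online docs, DingTalk docs, or Ding docs. Do not trigger it when the user needs to work with multi-dimensional tables, manage schedules, send messages, or handle approval workflows.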
by Marila Wang @aliramw
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description match what is required: mcporter is the expected client for MCP tools and DINGTALK_MCP_DOCS_URL is the service URL/token needed to call the documented MCP methods. Required binaries and env vars are proportionate to an MCP-based DingTalk docs integration.
Instruction Scope
SKILL.md and scripts limit actions to document create/search/read/write flows using mcporter. Scripts that read/write local files (import/export) explicitly constrain themselves to the workspace, enforce path-sandboxing, allowed extensions and size limits, and only call MCP via mcporter rather than making raw network calls.
Install Mechanism
No install spec (instruction-only) — nothing is downloaded or executed automatically. The package contains helper scripts for local use; they run mcporter via subprocess which is expected for this integration. No suspicious URLs or extraction steps are present.
Credentials
Only DINGTALK_MCP_DOCS_URL is declared as required (primaryEnv). Scripts optionally use OPENCLAW_WORKSPACE to constrain file access but do not require other secrets. The declared env var is justified since it contains the MCP streamable URL/token.
Persistence & Privilege
always is false and the skill does not request persistent/privileged system changes. It does not modify other skills or system-wide configs. Autonomous invocation is allowed (platform default) but not combined with broad unexplained access.
Assessment
This skill appears internally consistent and implements expected safety checks (path sandboxing, size/extension limits). Before installing: 1) Ensure the mcporter binary you install comes from an official source; 2) Treat DINGTALK_MCP_DOCS_URL as a sensitive token — prefer storing it in mcporter config as recommended instead of exporting it to your shell history; 3) Be aware the provided import/export scripts will read and write files inside your workspace (they enforce a workspace sandbox but don’t access outside paths); 4) If you need stricter isolation, avoid running the local scripts or review them before use. If you want extra assurance, inspect/validate the mcporter config and the exact MCP service URL you provide.
Like a lobster shell, security has layers — review code before you run it.
latestvk9792rpwz2y67p6meb3fes459x82cnz4
Runtime requirements
Bins: mcporter
Env: DINGTALK_MCP_DOCS_URL
Primary env: DINGTALK_MCP_DOCS_URL
